Authenticating NT Shares against Samba PDC users/groups

Jim Morris Jim at
Tue Mar 20 15:12:34 GMT 2001

Hello Augis,

Tuesday, March 20, 2001, 2:47:46 AM, you wrote:

A> Why you had to create new user group? You could simply pull out the
A> names from Samba.

Well, I seem to have trouble doing just that. If I select a group from
the Samba server on the NT box, I end up with an error that the
"account doesn't exist" or something like that. That's not the exact
error I get on NT - but as I'm not onsite at the moment, I cannot
reproduce it right now.

A> After this, you should establish permitions to share like : [your 
A> group]; SYSTEM; Domain Admins - Full Controll and permitions for 
A> directory SYSTEM; Domain Admins - Full Controll

Well, I don't WANT any of these users to be domain administrators.  I
want a group of users with just "normal" user-level priveledges in the
domain.  I want that group ("accounting" for example) to be able to
use the share in R/W mode, and users that are NOT in that group to not
even connect to the share on the NT box.

A> I think this is because you ommited SYSTEM account you are not able to 
A> see any files.

I guess I'm not clear on how I am supposed to assign the SYSTEM
account here....  Okay - I'm on a Windows 2000 box right now, and I
see "SYSTEM" in the list for adding access rights to a share or file.
So I put the group I want (NOT "Domain admins" hopefully) and SYSTEM
in the list, and that should take care of it?

I'll have the guys onsite try that and see what happens.


Best regards,
 Jim Morris                            mailto:Jim at

More information about the samba-ntdom mailing list