Samba 2.2.0 and Windows groups

Adrian Blount Adrian.Blount at
Wed May 2 08:26:10 GMT 2001

Greetings all,

I've got a case where a user wants to enable access to a number of
Samba shares based upon which Windows group they are in. From what I
understand this can only be accomplished using the recent 2.2.0
release of Samba. To this end I have installed 2.2.0 with
security=DOMAIN and all the relevant stuff but am not sure how to
actually configure the shares or user mapping/authentication to use
Windows groups. I can't find any reference in the doco except to
mention that this stuff is experimental, which, given that this
integration seems to be the grounds for a major release of Samba, is
not very encouraging.

The scenario in more detail is thus...

SHARE1 needs to be READ-ONLY for members of NTGROUP1
SHARE1 needs to be READ-WRITE for members of NTGROUP2
SHARE2 needs to be READ-ONLY for members of NTGROUP3
SHARE2 needs to be READ-WRITE for members of NTGROUP4
and so on....

I think I need to use the 'user map' function and map "USER1 to
NTGROUP1", "USER2 to NTGROUP2" and then use the 'valid users' keyword
in each share to say that "USER1 is a valid user for SHARE1".

I know for a Unix group I can just use USER1=@UNIXGROUP1 in the map

Am I on the right track or am I way off and in need of a serious
re-schooling on Samba/Windows interaction?

Any help/suggestions/pointers-to-doco appreciated greatly!

Adrian Blount

Security Engineer
AlphaWest Pty. Ltd.
Phone: +61 8 9429 6100
Fax: +61 8 9429 6130
E-Mail: adrian.blount at

More information about the samba-ntdom mailing list