Using Local Groups with AD Domain Users for Samba Shares

Marko Myllynen myllynen at
Tue Oct 30 03:05:02 MDT 2012


On 2012-10-26 16:42, Andreas Schneider wrote:
> On Friday 19 October 2012 12:39:07 Marko Myllynen wrote:
>> in Samba 4 the "security = server" mode was removed making it a hard
>> requirement to use "security = ads" in AD environments to allow users to
>> access Samba shares with their AD username/password. While the server
>> mode had many problems [1] it allowed administrators to use local/NSS
>> groups to control access to shares while still allowing users to
>> authenticate with their AD username/password.
> net sam createlocalgroup wurst
> net addmem wurst SAMBA\asn
> [myshare]
> 	valid users = @wurst

thanks, this is indeed very helpful in the case you have only a handful
of users which need to be added to a non-domain group. However, as
mentioned off-list, this approach has the problem that you'll need to
duplicate and maintain your current (e.g. NIS) group information in the
local database which might cause too much overhead with larger groups.


Marko Myllynen

More information about the samba-technical mailing list