ACLs by remote NT server *group*??

Chris Shenton cshenton at
Wed Nov 26 14:50:53 GMT 1997

We've got a document repository on a Samba system, v 1.9.17alpha3,
Solaris 2.5.1. Or clients authenticate to an NT domain so we do auth
on Samba using the construct:

	security                = server
        password server         = HQBDC1
What we'd like to do is allow one of our departments to get access to
the docs but prevent all the other departments. I'd like to use the NT
*group* in which the users belong to do access control but I can't
figure a way to tell Samba to do this.  I really don't want to have to
clone a password file in UNIX or enumerate usernames because they
change so often -- I'd rather let the NT server boyz worry about that
stuff. :-)

Is there a way to do ACLs based on NT groups?

Or perhaps I'm so clueless on NT domains and NT-style authentication
to understand whether this is doable. But let me know one way or the


(I just pulled down 1.9.18alpha11 and am looking into DOMAIN.txt,
 NTDOMAIN.txt, etc, but my NT domain ignorance is preventing me from
 understanding all of it; pointers to good books welcome; I've already
 read the FAQs and docs on

More information about the samba mailing list