[Samba] More Domain Groups

Collins, Kevin KCollins at nesbittengineering.com
Tue Jun 17 14:57:01 GMT 2003

Hi All:

Stuff I'm using:

Red Hat Enterprise Linux ES 2.1
Samba 2.2.7
OpenLDAP 2.0.25

I followed the Idealx.org howto to build Samba+LDAP.  I have a functioning,
replicating domain on my lab workbench right now.  Then I began to explore
permissions on local shares, etc. when I discovered that to a Windows
client, the only domain groups that are available from a Samba PDC are
"Domain Users" and "Domain Admins".

Upon further reading in the Idealx Howto, I see this comment:

"In Samba 2.2, only 2 groups are dealed for Microsoft Windows workstations:
Domain Admins and Domain Users.  All other groups are considered Local Unix
Groups.  That means that a Samba user will only be a Domain User or Domain
Admin.  If you only use Samba servers, there is no problem, but if you plan
to use Microsoft Windows NT member servers using groups, just forget about

What this doesn't say is that the local Windows workstations will not be
able to see anything but users those two groups.  I have several machines
sharing data and printers from the local machine.  This simply isn't enough
groups for me to apply my scheme of local rights.

Well, more correctly, this causes me a great deal of administrative overhead
maintaining local group definitions as things change.  I've googled, read
more howtos than  I care to mention and have basically fried my brain
looking for viable options to solve this problem.  So I'm posing the
question to the group:

Is there anyway I can get additional groups (which are available to Samba)
through to the local Windows workstations?

Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

More information about the samba mailing list