[Samba] Re: PAM-Winbind authentication working but can't use domain groups (FIXED)

Rich Webb rwebb at wmis.net
Sun Oct 12 04:36:16 GMT 2003

----- Original Message ----- 
From: "Rich Webb" <rwebb at wmis.net>
To: <samba at lists.samba.org>
Sent: Saturday, October 11, 2003 8:17 PM

> I am having trouble trying to figure out how to set up access to a samba
> share based on an Active Directory group.  Here is my smb.conf file:

In order to make it work, I had to take out the lines "winbind use default
domain = yes", and "winbind seperator = +" and then fully specify the domain
group in my share definition as such:

    path = /svr/shared
    valid users = @TESTSYS\shared
    ; (or @TESTSYS\"Domain Users" if there are spaces in the group)
    writeable = yes
    browseable = yes
    force group = TESTSYS\shared

I think this could be a bug that it does not accept only "valid users =
shared" while "winbind use default domain = yes".  It appears that Samba is
not correctly matching the group to the domain controller's group.

The + is not a good separator because if you read about the "valid users"
directive, it uses a + to specify a unix group.

Hope this helps someone!
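
Added example, not part of the original post and not Samba project code: a small Python check that reads an smb.conf and flags the two conditions described above, a winbind separator that collides with the group prefixes used in "valid users" style lists, and group entries that are "+"-separated or left unqualified while "winbind use default domain = yes". The sample config, the finding codes and the comma-only list splitting are assumptions of this example.

```python
import configparser

# Constructed sample: the two [global] lines the post removed, plus a share
# mixing unqualified, "+"-separated and fully qualified group entries.
SAMPLE = r"""
[global]
winbind use default domain = yes
winbind separator = +

[shared]
path = /svr/shared
valid users = @shared, @TESTSYS+staff, @TESTSYS\admins
"""

LIST_KEYS = ("valid users", "invalid users", "read list", "write list")
GROUP_PREFIXES = "@+&"  # "+" in these lists means "look up a UNIX group"


def audit(text):
    """Return (section, key, entry, code) findings for an smb.conf string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    findings = []
    sep = cp.get("global", "winbind separator", fallback="\\")
    default_dom = cp.getboolean("global", "winbind use default domain",
                                fallback=False)
    if sep in GROUP_PREFIXES:
        findings.append(("global", "winbind separator", sep, "SEP_IS_PREFIX"))
    for share in cp.sections():
        if share.lower() == "global":
            continue
        for key in LIST_KEYS:
            raw = cp.get(share, key, fallback="")
            for entry in (e.strip() for e in raw.split(",")):
                name = entry.lstrip(GROUP_PREFIXES)
                if not entry or name == entry:
                    continue  # empty, or a plain user name
                if "+" in name:
                    findings.append((share, key, entry, "PLUS_SEPARATED"))
                elif "\\" not in name and default_dom:
                    findings.append((share, key, entry, "UNQUALIFIED_GROUP"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(*f, sep=" | ")
```

A share definition written the way the post ends up (DOMAIN\group, default separator) produces no findings.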
