[Samba] Groups Under "Domain" Security
Joshua D. Scott
sambalist at ozzy.net
Tue Jun 1 19:06:14 GMT 2004
We are running Redhat 9, 2.4.20-30.9 kernel, Samba 3.0.0 and Winbind
3.0.0. Security is set to "Domain" and we are trying to set up shares
which will be available to valid NT 4.0 users and groups.
Winbind appears to be working, and you can use the commands "getent group"
and "getend passwd" to see that it is communicating with the NT domain for
user and group information.
We successfully set up a share that only allowed the group "Domain Users"
to connect and write to it. Our problem is that when we replace this
group name with any other, they cannot access the share even if it's a
known valid group. For example, we tried a test NT domain group called
We managed to work around the problem by grabbing a lists of groups with
the "getent group" command, changing all the group names to lowercase, and
then writing the list to /etc/group on the samba server. Once this was
done we could access a share as a "SMBWRITE" group member, or any other.
Is there a bug in samba 3.0.0 or winbind which prevents domain
authenticated groups from working properly? Do we need to continue this
work around of keeping a local (to Redhat) group list, or have we simply
misconfigured something? I can post our smb.conf if this will help.
More information about the samba