[Samba] Groups Under "Domain" Security

Jason Gray jgray at bardel.ca
Tue Jun 1 19:18:19 GMT 2004

What password backend are you using to authenticate users? smbpasswd,
ldapsam, tdb...


-----Original Message-----
From: samba-bounces+jgray=bardelanimation.com at lists.samba.org
[mailto:samba-bounces+jgray=bardelanimation.com at lists.samba.org]On
Behalf Of Joshua D. Scott
Sent: Tuesday, June 01, 2004 12:06 PM
To: Samba Mailing List
Subject: [Samba] Groups Under "Domain" Security

We are running Redhat 9, 2.4.20-30.9 kernel, Samba 3.0.0 and Winbind
3.0.0.  Security is set to "Domain" and we are trying to set up shares
which will be available to valid NT 4.0 users and groups.

Winbind appears to be working, and you can use the commands "getent group"
and "getend passwd" to see that it is communicating with the NT domain for
user and group information.

We successfully set up a share that only allowed the group "Domain Users"
to connect and write to it.  Our problem is that when we replace this
group name with any other, they cannot access the share even if it's a
known valid group.  For example, we tried a test NT domain group called

We managed to work around the problem by grabbing a lists of groups with
the "getent group" command, changing all the group names to lowercase, and
then writing the list to /etc/group on the samba server.  Once this was
done we could access a share as a "SMBWRITE" group member, or any other.

Is there a bug in samba 3.0.0 or winbind which prevents domain
authenticated groups from working properly?  Do we need to continue this
work around of keeping a local (to Redhat) group list, or have we simply
misconfigured something?  I can post our smb.conf if this will help.

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list