[Samba] valid users option and NT users

Henk Siebelink henk.siebelink at tweesnoeken.nl
Fri May 7 07:00:14 GMT 2004


I use Samba 2.27 on top of Red Hat 9 as a Domain Member Server. The
integration with the NT4 Primary Domain Controller works fine. Being used to
NTFS, I find the definition of Access Rights on shared files somewhat
limited. I can only assign Access Rights to the User, his Primary User
Group and the Everyone Group. I understand this is a limitation of the
Linux filesystem, where one assigns rights to User, Group and Others?

However, there is an option valid users = [user list] that you can use to
let Samba determine who has access. As far as I have been able to test it,
this option only seems to work with users that are defined in the Linux
account database. As soon as I define the valid users option, my NT users
cannot use the share. If I remove the valid users option from the share,
the problem is gone.

Another thing I don't understand is why I keep getting an Access Denied
error when I try to modify access rights on a file I have created myself (as
an NT user) on the Samba share. The NT combo box tells me I have full
control on the file, but I cannot change any permissions. On the Linux
level, user, group and others have read, write and execute rights, so that
should be sufficient.

So the question is: are these bugs or are these features? And if they are
bugs, is there a fix?

I have seen the add user script option too, which seems to allow the
creation of Linux users "on the fly". But I haven't been able to implement
it successfully (yet). Or do I have to turn my Samba server into a Domain
PDC for this option to work? Can anyone help me on this?

Any answers are highly appreciated.

Best Regards from the Netherlands,


PS: please find my smb.conf below


Current Config

# Samba config file created using SWAT
# from (
# Date: 2004/05/07 09:04:45

# Global parameters
[global]
	workgroup = WORKGROUP
	netbios name = NETBIOSNAME
	security = DOMAIN
	encrypt passwords = Yes
	password server = *
	log level = 3
	log file = /tmp/%S.log
	winbind uid = 10000-20000
	winbind gid = 10000-20000
	admin users = DOMAIN\domainadmin
	printer admin = DOMAIN\domainadmin

	comment = my shared folder
	path = /home/samba
	force group = ARCHITECT
	read only = No
	force create mode = 0777
	force directory mode = 0777

	path = /usr/local/samba/printers
	write list = [ a list of users]
	read only = No
	guest ok = Yes

	path = /tmp
	printable = Yes
	browseable = No


