[Samba] Mapping Windows groups to Unix ones on Samba 2.2

eric roseme eroseme at emonster.rose.hp.com
Thu Jan 13 18:20:53 GMT 2005


Is this Samba Opensource 2.2.12 or HP CIFS Server 2.2.12 (A.01.11.03)?

"groupname map" is not a real Samba feature, I believe.  See Jerry's 
response at:

> http://marc.theaimsgroup.com/?l=samba&m=104302387220719&w=2

HP CIFS Server at 2.2 was not enabled for winbind, thus there is no way 
to do what you want.  If you go to HP CIFS Server A.02.01 (3.0.7 and 
3.0.8) you get winbind and "net groupmap" - not the same syntax as below 
but you can map AD groups.

Eric Roseme
Hewlett-Packard

Laurent Blume wrote:
> Hi all,
> 
> Now that I've got Samba 2.2.12 running correctly on that HP-UX box, I 
> need to allow write access to a given AD domain group.
> 
> What is the right way to do it on Samba 2.2?
> I added a group.map file in smb.conf, and a line inside that said:
> unixgroup = "AD Domain Group"
> 
> Then in smb.conf, I put in [global]:
>         groupname map = /etc/opt/samba/group.map
> 
> And in the correct share, I put the following:
>         valid users = @unixgroup
>         read list = @unixgroup
>         write list = @unixgroup
> 
> I did not restart Samba, but from what I understand, the config file was 
> automatically reloaded. SWAT did display the new values.
> 
> The users' login were already mapped in the user.map file, and that 
> works fine.
> 
> However, after doing that, the persons in the AD group still had no access.
> 
> Putting the unix users directly in the unix group does work, but of 
> course, is a much less clean solution.
> 
> Any hint or pointer to documentation? I was only able to find some for 
> the 3.0 version, which is quite different for that :-/
> 
> TIA!
> 
> Laurent
> 
> 



More information about the samba mailing list