[Samba] Question about groups in samba from and AD

James Mauser jmauser at fau.edu
Wed Mar 23 16:59:35 GMT 2005

I have a question regarding groups that hopefully someone can lead me to a
answer on:


We have a Active Directory set up in mixed mode and this AD has 2 domains in
it (the top level (I'll call main) and one trusted domain (which I'll call

>From a linux Fedora core 3 box: 

We are able to have users log into the linux box with their AD username and

We are able to have users connect to the shares on the linux samba box.

We have several linux boxes that users log into with their same username and
get the same uid (via ldap)


What's not working though is:

having permissions bassed off of groups.  chgrp trusted\groupname (works)
but no users ever get permissions to the group because:

getent group trusted\groupname it will retrun the group name with no users
(except for users in the trusted domain will show up but none from main)


whereas  chgrp main\groupname works and users can have permissions to the
share with no problem.   (but since we don't have access to add groups or
users to groups  on the main domain we have to use the trusted domain)



There are users from the trusted domain and from the main domain in this

We have gotten groups set up but by using netgroup and /etc/groups to allow



While this is a work around  it would be nice to be able to use the groups
that are already created on the AD and not have to duplicate efforts



James Mauser

Coordinator Computer Applications

College of Engineering and Computer Science

Florida Atlantic University



More information about the samba mailing list