[Samba] restrict what users can log onto each workstation

Matt Skerritt matt.skerritt at agrav.net
Tue Dec 5 16:40:17 GMT 2006

On 05/12/2006, at 11:12 PM, Toni Casueps wrote:

> I've tried it with users and it works, but now I can't set it for  
> groups. I've created a Unix group with the denied users and I've  
> written in /etc/samba/smbusers:
> denied = @denied
> also in smb.conf I've set
> username map = /etc/samba/smbusers
> but I still can't see that group in the "Select user or group"  
> dialog on Windows
> I use Samba 3.0.13

Oh yes, with an LDAP backend (which I use) you need to give your  
groups a Samba SID so that windows can see them - otherwise they're  
just Unix groups ... (and I had a very similar problem with windows  
being unable to see most of the groups). Now if I can only remember  
how I did this again. And I just notice that you don't mention LDAP  
anywhere, ...

OH yes, I remember now (after I checked my scripts)

the command

net groupmap add ntgroup="<NT Group Name>" unixgroup="<unix group  
name>" type=d

set's the mapping up for you. I think that'll work for any backend  
database.  and the command

net groupmap list

will show you the current mappings between unix groups and windows  

> Anyway, that isn't so important. Thanks very much.

You're welcome. I'm happy to help :)

Matt Skerritt
matt.skerritt at agrav.net

More information about the samba mailing list