[Samba] users via winbind and using @group in smb.conf

Stefan Froehlich samba at Froehlich.Priv.at
Thu Dec 28 15:42:51 GMT 2006


I have two samba servers, A is configured as a PDC, B offers some
additional shares. B is getting usernames and passwords via winbind
from a, using the following configuration directives:

| idmap uid = 100-999
| idmap gid = 100-999
| winbind enum users = yes
| winbind enum groups = yes
| winbind use default domain = yes

This is basically working fine, local ssh login is ok, getent shows
all remote users and passwords.

Now B needs to define some additional, local groups containing the
names of remote users. In /etc/group the usernames have been added
(without the DOMAIN\ prefix, as "use default domain" is set). On the
command line, this is working as well ("groups" does show the local
group for the remote users).

But what das NOT work is to assign a samba share on B to this local
group. I tried

| valid users = @group

as well as 

| valid users = @DOMAIN\group

but both ways all I get is NT_STATUS_ACCESS_DENIED.

How do I have to write this in order to get access for remote group
members in a locally defined group?


Die Kontaktboerse fuer Oesterreich - kostenlos und unkommerziell

More information about the samba mailing list