[Samba] joined to ads, mapped permissions

Mike Partyka mpartyka at gmail.com
Tue Jan 3 15:35:59 GMT 2006

Hmm, interesting, i wasn't sure the "username map" was necessary when using

I can see how that would work, but it seems unecessary, since Winbind's
purpose is to make Active Directory users and groups appear to be local
users and groups, so permissions on a shares would be modified using chown &
chgrp and referring to the AD users in the form "DOMAIN\username" (assuming
\ is your winbind separator and that your not also using "winbind default
domain") I am far from an expert on it at this point, so i am just sharing
how i believed it to work at this point.

Thanks for your response!

On 1/3/06, ryan punt <rpunt at good-sam.com> wrote:
> Actually, in the case of disparate usernames between Windows and Unix
> accounts, that's exactly how it's done (or CAN be done).
> At my previous job, I was using Samba+Winbindd to allow Unix share access
> to Windows/AD accounts; the file specified in the "username map" parameter
> contained a bunch of entries like this:
> # format: unixuser = windowsuser
> PUNTR = rlpunt
> and my samba parameter looked like this:
> username map = /opt/etc/samba/users.map

More information about the samba mailing list