[Samba] Local groups with ADS users

RaSca rascasoft at tiscali.it
Fri May 26 12:35:37 GMT 2006

Hi everybody,
I've configured SAMBA for joining the ADs of the place where i work, and 
everything is working fine. This means that with "getent passwd" i see 
all the local and the ADS users, i am also able to log into my machine 
via ssh by using the pam_winbind module and so on.
I've configured some directories that are shared by samba and are 
property of their owners and also this thing is working fine.
What i want to do now is to grant the write permission in a directory to 
a local group composed by ADs users.
I've defined the directory in smb.conf :

  comment = TEST
  path = /samba/TEST
  browseable = No
  public = No
  read only = Yes
  write list = @ADGROUP

and created the group :

#groupadd ADGROUP

but it's impossible to modify the AD user by using usermod for including 
him in my group  :

# usermod -G ADGROUP MYDOMAIN+myuser0
usermod: MYDOMAIN+myuser0 not found in /etc/passwd

and this for me is almost clear, because if usermod search only in 
passwd it will not find anything. So i've added manually the user to the 
group in the /etc/group file :

# tail -1 /etc/group

This seems to work, because if i run this command :

# groups MYDOMAIN+myuser0

i receive what i'm expecting to receive.
The permission on the directory that i'm sharing are these :

drwxrwx---   2 root ADGROUP 4096 May 26 11:48 TEST

But once restarted samba, i'm unable to access to this directory with 
the ADs user.

What this problem maybe ? Is this a good way for proceding considering 
that i can't do any kind of modifications in the ADs server ? There's a 
better way to do what i wanto to do ?

Let me know if i made myself clear and...Thanks for any help i will receive.

"Il regno dei cieli e' simile ad un mercante che va in cerca di
perle preziose. Trovatane una di grande valore va, vende tutti
i suoi averi e la compra" - Gesu' Cristo

More information about the samba mailing list