[Samba] NT Group to single unix ID

simo idra at samba.org
Wed Sep 13 15:40:16 GMT 2006


The only way you can do this that I can think of is to create one share
for each group, set valid users = +groupname and set force user =
unix_account_name.

Anyway, it would probably be easier to just use ACLs and default ACLs on
directories and files and give access to files according to their
group membership through ACLs.

Simo.

On Wed, 2006-09-13 at 08:34 -0500, Jim Shanks wrote:
> Hello Samba Gurus,
> 
> I have been searching for a week for a solution to this problem
> with no resolution thus far.  I have a need to map an NT Group
> (a large group of NT users) to a single unix user ID.  I guess
> I am asking for an example of the smb.conf and users.map file.
> 
> We have hundreds of NT users in various user groups.  For example.
> 
> Example:
> ========
> NT_Group_1 needs to map to single unix account 'account 1'
> NT_Group_2 needs to map to single unix account 'account 2'
> 
> We are using domain security.  Users who access a unix share with an
> account in the NT_Group_1 should have effective UID of the account1
> unix account.  We cannot do this with individual NT account names in
> users.map due to the large number of users and the frequency of the
> updates that will be needed.
> 
> Any help is greatly appreciated.
> 
> Thanks,
> Ray Randall
> 301-680-1187
> 
> 
> Without a little more information it's hard to tell exactly what you're
> trying to accomplish, but let me give this a try.
> 
> We have a server used for temporary backups (moving files, etc.).  All
> users log in to the server as user "backup-user".  The account has no
> password.  The box is well secured through a firewall and is in one
> workgroup, so I don't need a password.  In any case users attach to the
> share on the server with Windows command:
> 
> NET USE M: \\tempserv\backup-vol /user:backup-user /persistent:no
> 
> This makes it more of a client side issue.  Everyone just logs in to the
> server with the same account which is far easier than trying to map many
> user logins to one unix account.
> 
> If that won't work for you, give me more information.
> 
> Jim
-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
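
The per-group share layout Simo describes at the top of this message, written out as an smb.conf fragment. This is an added example, not part of the original thread. The domain name EXAMPLEDOM, the share names and the paths are assumptions, as is the form in which the NT groups appear to the Unix side (here through winbind/NSS with the default backslash separator); the group and account names are the ones from the question.

```ini
# Added example: one share per NT group, each forced to a single Unix account.
# EXAMPLEDOM, the share names and the paths are placeholders.

[global]
    security = domain
    workgroup = EXAMPLEDOM

# Members of NT_Group_1 may connect; every file operation inside the
# share is then performed as the Unix user account1.
[group1]
    path = /srv/samba/group1
    # "+" restricts the lookup to the Unix group database (NSS), so the
    # NT group must be resolvable there, for example through winbind.
    valid users = +EXAMPLEDOM\NT_Group_1
    force user = account1
    read only = no

# Same pattern for the second group and its own Unix account.
[group2]
    path = /srv/samba/group2
    valid users = +EXAMPLEDOM\NT_Group_2
    force user = account2
    read only = no

# Side effect to plan for: with force user, files are owned by account1 or
# account2 on disk, so filesystem ownership no longer shows which NT user
# created or changed a file. Group membership is still checked at connect
# time by valid users.
```

Run `testparm` after editing to check that the file parses, and make sure each share path is owned by, or writable for, the forced account.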


