[Samba] Problem with Defaulting Groups and AD

Thompson, Jimi JimiT at mail.cox.smu.edu
Thu Sep 6 22:05:56 GMT 2007


I'm really frustrated with SAMBA.  All I want to do is have my users
authenticate using the domain controller, keep them restricted to their
own individual folder and disk quota, and have them back up their

The weird group membership that SAMBA is defaulting is pretty much
screwing the pooch for me.  Trying to over ride the SAMBA default group
membership to set it to what I know it needs to be in order for the Unix
file permissions to work isn't "pointless".  It's hard to back up to a
server that doesn't think you have write permissions.  

If you can tell me what I need to do to make it work, I'd be quite

Ms. Jimi Thompson, CISSP
Manager of Web Operations
SMU Cox School of Business
"Contemplate the mangled bodies of your countrymen and then ask
yourself, What should be the reward of such sacrifices... If ye love
wealth better than freedom, the tranquility of servitude than the
animating contest of freedom, go from us in peace. We ask not your
counsels or arms. Crouch down and lick the hands that feed you. May
your chains sit lightly upon you, and may posterity forget that ye  were
our countrymen." - Samuel Adams  This from our founding fathers.  I
wonder what they'd think of the Patriot Act & the Emergency Powers Act.

-----Original Message-----
From: samba-bounces+jimit=mail.cox.smu.edu at lists.samba.org
[mailto:samba-bounces+jimit=mail.cox.smu.edu at lists.samba.org] On Behalf
Of Gerald (Jerry) Carter
Sent: Thursday, September 06, 2007 3:46 PM
To: Thompson, Jimi
Cc: samba at lists.samba.org
Subject: Re: [Samba] Problem with Defaulting Groups and AD

Hash: SHA1


> Vital Stats - AMD 64-bit CPU, Ubuntu 7.0.4 (Feisty Fawn), 
> Samba 3.0.24,
> Win2003 AD Domain
> I'm not sure how to make it stop doing it.  When a user 
> "logs in" they get an automatically assigned group
> of "domain users" which doesn't actually exist in
> any of the file permissions.  I've tried setting group
> = %G and force group = %G but neither one is working.  

That says "force the group membership to the user's
primary group" which is pointless.  Not sure what you
are trying to do.  If you are runnign winbindd (assuming
so), then just add "domain users" the acl permissions?
Or some other domain group that you want.

> If anyone knows how to suppress this, I'd be greatly

Suppress what?

> appreciative.  As things stand, users can map the share
< but now everything is write only, despite specifically
> being stipulated at writeable.

You always get the most restrictive permission set
between smb.conf, share permissions, and file system permissions.

cheers, jerry
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list