[Samba] winbind and local groups

George Farris farrisg at cc.mala.bc.ca
Fri Sep 21 14:52:26 GMT 2007

On Fri, 2007-21-09 at 00:30 +0200, Philipp Wagner wrote:
> Hello,
> I got a Samba setup with an samba server being part of a Windows Domain,
> which is working great. I can authenticate using all domain users and so
> on without any problem.
> Now I added a local group named "rai-additional" to my samba system and
> added a domain user to that group (using DOMAIN+username).
> "getent passwd DOMAIN+username" the domain groups and "rai-additional"
> as groups, which is exactly what I want.
> Unfortunately, when I set "valid users = @rai-additional", the user
> DOMAIN+username cannot access the share. It works if I use a domain
> group, e.g. "valid users = @DOMAIN+some-group". So it seems Samba just
> ignores local groups. That also seems the conclusion made some other
> times in the past (unfortunately, all of them around two years ago) [1].

Did you do a groupmap of your local group?  Something like:
net groupmap add ntgroup="Windows group" unixgroup=yourunixgroup  type=d

net groupmap add ntgroup="Domain Admins" unixgroup=wheel  type=d rid=512

More information about the samba mailing list