[Samba] valid users = +group doesn't work

Leonid Zeitlin lz at csltd.com.ua
Mon Apr 21 14:21:37 GMT 2008

Hi Jerry,
Please see below.

> The supplementary groups are determined by mapping the Windows group
> to a gid.  I'm having to remember what we already convered so apoligies
> fotr asking again.  Are you running winbindd?  or just manually
> mapping groups to SIDs ?  Seems to be the former.

Winbind is running, yes.

>> I see. But it appears to me (correct me if I'm wrong) that
>> if a local Unix group is mapped with "net sam mapunixgroup", then
>> it becomes a local nested group and Samba could use
>> it in "valid users" - but apparently it doesn't, which confuses me.
> No.  The nested group functionality is only served by Winbind.

I guess my question now boils down to the following: when I access a share 
as domain user DOMAIN\lz, is there a way to apply "valid users" check based 
on the Unix group membership of the Unix user "lz". From what you are saying 
I am getting the impression that the asnwer is no; is this really so?


> cheers, jerry
> - --
> =====================================================================
> Samba                                    ------- http://www.samba.org
> Likewise Software          ---------  http://www.likewisesoftware.com
> "What man is a man who does not make the world better?"      --Balian
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> iD8DBQFIDKAIIR7qMdg1EfYRAk+fAJ4zn2iWrkmyVMcfXv9O09rRGWAzPgCcDkA8
> E1O1kHw1lM1LDcE2xRcJfWY=
> =ch5e

More information about the samba mailing list