[Samba] Samba 3.0 AD Integration restrict users

Chris Henderson henders254 at gmail.com
Mon Mar 2 01:10:18 GMT 2009

I have configured a Linux server so users can log in with their AD
credentials. However, I have a directory I would like to share and
restrict it to a few AD users. All these users will have read and
execute access but only two users will have write access.

The /srv/www/vhosts/marketing is the directory I would like to share.
It is owned by root:marketing both have 777 permission to that dir. I
have edited the /etc/group file and added one of the users to the
marketing group but while trying to log in I can see permission denied
when connecting to [marketing] in /var/log/messages

Following is my smb.conf file. Thanks for any help;

        workgroup = AD
        security = ADS
        realm = domain.com
        encrypt passwords = yes
        preferred master = no
        log level = 3
        auth methods = winbind
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
        idmap uid = 100000-200000
        idmap gid = 100000-200000
        netbios name = gandalf
        password server =
        template homedir = /home/%D/%U
        template shell = /bin/bash

        comment = Marketing Internal Web
        inherit acls = No
        path = /srv/www/vhosts/marketing
        read only = No
        guest ok = No
        browseable = Yes
        create mask = 4755
        directory mask = 0770


More information about the samba mailing list