[Samba] how to join to AD ?

Diego Zuccato diego.zuccato at unibo.it
Fri Nov 27 07:39:52 MST 2009


mistofeles wrote:
> From Diego came this email:
> Wrong solution for what's really not a problem.
> You should map the samba user to 'myself'. Or, even better, place both users
> in a group and have /home/myself owned by myself:commongroup and 770. 
> --
> Mistofeles:
> Either I have missed something, or it doesn't work as I expected.
> Still the directory got to be like this:
> drwx---rwx 4 myself users        4096 2009-11-27 14:14 .
This way ANY Linux user could read and write it.
> I changed the permissions and group, and now it is RW from WinXP:
> drwxrwx--- 4 myself domain users        4096 2009-11-27 14:14 .
This way only domain users (not Linux users, unless you manually add 'em 
to "domain users" group) can access that directory.

> All the subdirectories or files are with permissions and groups built like
> this:
> -rwx------ 1 myself domain users    0 2009-11-27 14:14 hello.txt
Must be rw-rw---- or only "myself" can access it!

> I still wonder, what to do, if we have to allow new users to be linux users
> in this server.
Where's the problem?
Samba users are seen as normal users, with their uid and gid being 
provided by samba rather than by files in /etc ...
> I'd rather use the original Linux groups (barack:users) and permissions
> (700) here to keep the users out of the data of the other users.
Why? Unless you map every Samba user to the same uid, that directory 
won't be accessible by them, and I think that's not what you're looking for.
Have a look at how permissions work... You'll see what I mean. 
"others"="users with a uid and a gid different from the ones of the 
file"...

-- 
Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zuccato at unibo.it
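
An added example, not part of the original message: a small Python model of the owner/group/other check the reply refers to, applied to the modes quoted in the thread. The user names `alice` and `bob` and the group `staff` are constructed for illustration; root and ACLs are ignored.

```python
# Added example: models which permission triplet applies to a user.
# Simplification (assumption): no root override, no POSIX ACLs.
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    mode: str    # ls-style string, e.g. "drwxrwx---"
    owner: str
    group: str

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset

def applicable_class(entry, user):
    """Exactly one triplet is consulted: owner first, then group, then other."""
    if user.name == entry.owner:
        return "owner"
    if entry.group in user.groups:
        return "group"
    return "other"

def access(entry, user):
    """Return the rwx triplet that applies to this user for this entry."""
    start = {"owner": 1, "group": 4, "other": 7}[applicable_class(entry, user)]
    return entry.mode[start:start + 3]

def can(entry, user, wanted):
    """True if every letter in `wanted` (e.g. "rw") is granted."""
    bits = access(entry, user)
    return all(ch in bits for ch in wanted)

# Constructed users: a domain account mapped by Samba, and a local Linux account.
ALICE = User("alice", frozenset({"domain users"}))
BOB = User("bob", frozenset({"staff"}))

# Modes and ownership as quoted in the thread.
DIR_OPEN = Entry("drwx---rwx", "myself", "users")
DIR_GROUP = Entry("drwxrwx---", "myself", "domain users")
FILE_700 = Entry("-rwx------", "myself", "domain users")
FILE_660 = Entry("-rw-rw----", "myself", "domain users")

if __name__ == "__main__":
    for entry in (DIR_OPEN, DIR_GROUP, FILE_700, FILE_660):
        for user in (ALICE, BOB):
            print(entry.mode, user.name, applicable_class(entry, user),
                  "rw ok" if can(entry, user, "rw") else "rw denied")
```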

