[Samba] Help needed: valid users

Gary Dale garydale at rogers.com
Wed Sep 16 13:55:29 MDT 2009

Chris Osicki wrote:
> Hi 
> I'm using Samba 3.0.33 on Solaris10 and have the following problem.
> In the smb.conf I have 
>     workgroup = CORPROOT
>     security = domain
> and users authenticated to CORPROOT domain can connect shares
> w/o problems, [homes] for example.
> Now I would like to create a share and restrict access to it just 
> to a dozen of users or so.
> I tried 
>   valid users = +docs
>   force user = usodocs
> where docs is a group in /etc/group and it didn't work.
> Looks like Samba is trying to look up the group docs on the domain
> controller in the CORPROOT domain.
> So, I tried this
>   valid users = CORPROOT\user
>   force user = usodocs
> it works. 
> According to man page 
>    valid users = +docs
> should work.
> I must be missing something, but what?
> Is there any better/nicer way to achieve what I'm looking for?
> That is, to give a group of users full control over content of 
> a share.
> I have several Linux Samba servers where I use POSIX ACLs to control
> read/write rights on the OS level and it works fine. 
> I tried the same on the Solaris10 box with ZFS and its ACLs and it
> didn't work as expected (posted about it few weeks ago, no answers though)
> I would be very thankful for any help.
> BTW, anyone any idea how to attract attention to a post on this list?
> Virtual beer as attachment? ;-)
> My success rate is by now close to nothing.
> Thanks for your time.
> Regards,
> Chris
Don't use "force user" unless you really want everyone to look like that 
user when accessing the share. Quick documentation on the various 
options is available via SWAT.

More information about the samba mailing list