[Samba] Help needed: valid users

[Gary Dale]

Chris Osicki wrote:
> Hi 
>
> I'm using Samba 3.0.33 on Solaris10 and have the following problem.
> In the smb.conf I have 
>
>     workgroup = CORPROOT
>     security = domain
>
> and users authenticated to CORPROOT domain can connect shares
> w/o problems, [homes] for example.
> Now I would like to create a share and restrict access to it just 
> to a dozen of users or so.
>
> I tried 
>   
>   valid users = +docs
>   force user = usodocs
>
> where docs is a group in /etc/group and it didn't work.
> Looks like Samba is trying to look up the group docs on the domain
> controller in the CORPROOT domain.
>
> So, I tried this
>
>   valid users = CORPROOT\user
>   force user = usodocs
>
> it works. 
> According to man page 
>    valid users = +docs
> should work.
> I must be missing something, but what?
>
> Is there any better/nicer way to achieve what I'm looking for?
> That is, to give a group of users full control over content of 
> a share.
> I have several Linux Samba servers where I use POSIX ACLs to control
> read/write rights on the OS level and it works fine. 
>
> I tried the same on the Solaris10 box with ZFS and its ACLs and it
> didn't work as expected (posted about it few weeks ago, no answers though)
>
> I would be very thankful for any help.
>
> BTW, anyone any idea how to attract attention to a post on this list?
> Virtual beer as attachment? ;-)
> My success rate is by now close to nothing.
>
> Thanks for your time.
>
> Regards,
> Chris
>   
Further to my earlier response, you need to ensure that the group has 
access to the share since Samba permissions cannot override Linux 
permissions.  You may want to set the Linux permissions to 777 while 
testing.  Leave off the force user and just try the "valid users". Also, 
since you are using the + group prefix, this is strictly the Linux group 
that you are granting permission to.