[Samba] Help needed: valid users

Alex Crow acrow at integrafin.co.uk
Thu Sep 17 09:42:50 MDT 2009

> >
> >   
> I'm not sure that Samba checks the Linux groups but Linux does. In a 
> Windows domain, all the accounts reside in the Domain. It may be 
> checking the Linux accounts for shares on the DC, but wouldn't be able 
> to on a member server. Perhaps one of the Linux gurus could answer your 
> question. However, for operations in the domain, you're best to stick 
> with domain entities, such as a domain group or domain user accounts. So 
> long as Samba has sufficient privileges to access the local Linux share, 
> it should be OK.

Samba (and the windows clients) will only care about domain groups in
the global context of a Samba domain, Unix local groups are pretty
useless here. You need to sort out group mappings to map your local Unix
group to a Samba group, then all should work fine.

"net groupmap" on your domain controller is the way to go. You can then
go on your merry way using Linux groups on the server across all your
Windows clients and other Win/Samba member servers (given an appropriate
way of resolving those groups across any other Samba/windows servers you
may have - eg Winbind and LDAP).

Seems this type of thing comes up a lot - should there be something
prominent on TOSHARG about it?


This message is intended only for the addressee and may contain 
confidential information.  Unless you are that person, you may not 
disclose its contents or use it in any way and are requested to delete 
the message along with any attachments and notify us immediately. 

"Transact" is operated by Integrated Financial Arrangements plc 
Domain House, 5-7 Singer Street, London  EC2A 4BQ 
Tel: (020) 7608 4900 Fax: (020) 7608 1200
(Registered office: as above; Registered in England and Wales under
number: 3727592) 
Authorised and regulated by the Financial Services Authority (entered on
the FSA Register; number: 190856)

More information about the samba mailing list