[Samba] valid users option

grant little grantliddle at gmail.com
Fri Sep 3 08:50:59 MDT 2010

 On Thu, Sep 2, 2010 at 2:08 AM, DUPEYRAT, PIERRE (PIERRE)** CTR ** <
> pierre.dupeyrat at alcatel-lucent.com> wrote:
> Hello,
> I am using samba server as members of windows AD domain , with "security =
> ADS", the logins unix and windows are aligned.
> Since the version 3.0.34 , I have strange behaviour  on shares where we use
> "valid users" with unix groups it does'nt work.
> Nok:
> Valid users = @group1
> Valid users = +group1
> Still work :
> Valid users = Domain\user
> Valid users = user
> The bad workaround found , is to use a file users.map and add the entry
> below:
> user = domaine\user
> could you help me ?
> Regards.
> _________________________________________


*De :* grant little [mailto:grantliddle at gmail.com]
*Envoyé :* jeudi 2 septembre 2010 19:38
*Objet :* Re: [Samba] valid users option

>  That drove me crazy figuriung it out for my local system but I finally
> found it, YMMV
> this works for me
>   valid users = @ad\groupname
>   write list = @ad\groupname
> where 'ad' is the domain of my local active directory.
 On Fri, Sep 3, 2010 at 12:26 AM, DUPEYRAT, PIERRE (PIERRE)** CTR ** <
pierre.dupeyrat at alcatel-lucent.com> wrote:


The problem is when i want to use unix groups  (locals or NIS).


Allô Pierre,

maybe the problem lies in your nsswitch.conf
<quote src='nsswitch.conf man page'>The sources  for  the  "databases"  and
their lookup order are specified in the /etc/nsswitch.conf file.</quote>

I'm using ldap so I have this as part of that file:
passwd:         files ldap
group:          files ldap
shadow:         files ldap

which says it looks first in passwd (etc) files and then ldap

you never described your setup so you might be using something different
passwd:  files nis


passwd: files winbind

But then maybe I'm way off base.

More information about the samba mailing list