[Samba] AD integration with multiple groups

julien mabillard jma at mbuf.net
Tue Feb 1 06:57:11 MST 2011

I post here my question after having spent time on google and forums
and documentation to find a clue.

I use:
GNU/Linux RHEL5 x86_64
Samba Version 3.5.6
Active Directory 2003 on Windows 2003/2008

I want to allow an authenticated user (AD authenticated) to access
a share partition under samba only if one of his secondary groups
is a defined one.

ex: user joe
uid=4001(joe) gid=4010(domain users) groups=4010(domain users),

I want to be able to only allow group 'operations' to access the
share. I was trying to use : valid users = @operations 
or : valid users = @MYDOM\operations

But I only get success with the gid 'domain users'.

Can someone tell me if this is possible to do?

Thank you very much.

refs : https://mbuf.net/

More information about the samba mailing list