[Samba] group mapping question

Bob Miller bob at computerisms.ca
Mon Mar 7 10:24:04 MST 2011

On Mon, 2011-03-07 at 15:48 +0100, markus hansen wrote:
> Hi List,
> I recently posted about problems i am having with deleting files belonging to members of the same unix group (as the mapped AD user that wants to delete the file via samba). I now figured out, that one possible solution is to map that unix Group to an AD group (while creating the AD group and adding users to it first).
> Question: Is local group membership (on the samba server) of the mapped AD user irrelevant in that case? (Is the membership to domain groups the only group information that counts here?)
> regards
> Markus

Hi Markus,
I cannot speak to an AD setup, but I can say that if a samba domain
member server wants to authenticate against a samba pdc, you do not need
to have those groups existing on your member server.  
I use samba member servers as workstations, and I have modified the
nsswitch.conf and pam.d files with winbind such that the
username/password are not authenticated on the local box, nor are group
file permissions to mounted shares.  I can assign group permissions that
do not exist on the local box to files that do exist on the local box.
In theory you should be able to do the same...

> -- 
> GMX DSL Doppel-Flat ab 19,99 Euro/mtl.! Jetzt mit 
> gratis Handy-Flat! http://portal.gmx.net/de/go/dsl

Bob Miller
bob at computerisms.ca
Network, Internet, Server,
and Open Source Solutions

More information about the samba mailing list