[Samba] Grant only one AD group to samba share ?

steve steve at steve-ss.com
Wed May 23 03:41:21 MDT 2012

>> On 05/22/2012 1:01 PM, Newman, John W wrote:
>>> Thanks..
>>> Unfortunately neither suggestion worked
>>> chgrp still just says "invalid group"

"invalid group", even though it shows up in wbinfo -g and getent group 
says a lot about winbind.
>>> valid users = @"DOMAIN\\My Group" behaves the same as I described in
>>> the OP. Valid credentials = access denied ; invalid credentials =
>>> invalid name or bad password. I already tried all sorts of things in
>>> valid users, but nothing is the magic string I need.
>>> Any other ideas?

I realise that you may be stuck with winbind as you inherited the 
project but it has to be said that it it really is even these days 
shrouded in mystery and is inflexible enough to make us have to switch. 
To have to suffer this to get a rw share is just too much!

We have never looked back since switching to libnss-ldapd. For someone 
at your level, it's a doddle to setup and you get one to one gid:uid 
mappings _every_ time. We have a howto we can send off list if you get 
fed up. It's for Samba4 though.

More information about the samba mailing list