[Samba] adding AD domain users in local Linux group for access to share

Hubert, Laurent Laurent.Hubert at USherbrooke.ca
Fri Dec 6 12:31:47 MST 2013


It seems that domain users can access a share when they are specified in "valid list" but not when
"valid list" uses a local group definition.

First I added the domain user "duser" to the group "lgroup" in /etc/group.
Then I defined a Samba share and added the domain user "duser" in the "valid list":
        comment = Dossier pour le groupes des Technologues clinique du CIMS
        path = /export/groups/lgroup
        writeable = yes
        write list = duser
        valid users = duser
        create mode = 0770
        directory mode = 0770

In that case I can access the share with "smbclient //host/lgroup -U duser".
Whereas if I use "write list = @lgroup" and "valid users = @lgroup" I cannot access the share.
On the other hand, "duser" can access the system through ssh and write inside "/export/groups/lgroup",
as the Unix rights are the following:
drwxrws---  root lgroup  /export/groups/lgroup

Here is an extract from /etc/group

and from  /etc/samba/smb.conf
        idmap config  *:backend  = tdb
        idmap config  *:range  = 5000-49999
        idmap config myDOMAIN:backend  = rid
        idmap config myDOMAIN:range  = 50000-99999
        winbind use default domain = yes
        winbind nested groups = yes
        winbind enum groups = yes
        winbind enum users = yes


Laurent Hubert, PhD
Research professional
Linux systems administration, deployment of Open Source solutions
Centre d'imagerie moléculaire de Sherbrooke
Centre hospitalier universitaire de Sherbrooke
819 346 1110 x 11836
pager: 6475
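
An added example, not part of the original post: a small Python audit that expands each share's `valid users` and `write list` against /etc/group-format text, showing that by the group file alone `@lgroup` and a literal `duser` admit the same account. The `[lgroup]` header, the gid and the group-file contents are constructed assumptions; the lookup models only the flat group file (names without spaces), not smbd's own resolution through NSS and winbind.

```python
import configparser

# Constructed inputs: the post's /etc/group extract is missing, so the gid
# and member line are assumptions, as is the [lgroup] section header.
ETC_GROUP = "root:x:0:\nlgroup:x:1001:duser\n"
SMB_CONF = """
[lgroup]
    path = /export/groups/lgroup
    write list = @lgroup
    valid users = @lgroup
"""

def parse_group(text):
    """Map group name -> set of members from /etc/group-format text."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4:
            groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups

def expand(value, groups):
    """Expand an smb.conf user list; return (users, unresolved entries).

    '@name' and '+name' are looked up as Unix groups here. '&name' is
    NIS-only in smb.conf, so a local group file can never satisfy it.
    """
    users, unresolved = set(), []
    for entry in value.replace(",", " ").split():
        name = entry.lstrip("@+&")
        prefix = entry[: len(entry) - len(name)]
        if not prefix:
            users.add(entry)  # plain user name
            continue
        members = groups.get(name, set()) if set(prefix) & {"@", "+"} else set()
        users |= members
        if not members:
            unresolved.append(entry)  # unknown, empty or NIS-only group
    return users, unresolved

def audit(smb_conf, group_text):
    """Return {(share, option): (users, unresolved)} for access lists."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(smb_conf)
    groups = parse_group(group_text)
    return {(share, key): expand(cp.get(share, key), groups)
            for share in cp.sections()
            for key in ("valid users", "write list")
            if cp.has_option(share, key)}
```

An entry reported as unresolved admits nobody according to the group file and is worth checking first.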
