[Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC

Ulrich Schneider man at ulrichschneider.de
Mon May 20 04:57:46 MDT 2013

> Could you please confirm how you provisioned samba4, post a sanitized
> version of your smb.conf and explain just what you are hoping to achieve.

Ok, I will do that.

I want to use samba4
1. as an active directory domain controller
2. as a file server providing diefferent shares for different windows 

To do so I used the samba provision script to set up samba as AD DC. 
Works fine.

Then I read about restrctioning shares to win users/groups with:
	valid users = @SAMDOM\SCHUELER

This is not working. When a user in the win group SCHUELER is accessing 
a share he gets a popup window with username /password saying that the 
acces was denied to this share.


# Global parameters
         workgroup = SAMDOM
         realm = SAMDOM.EXAMPLE.COM
         netbios name = ULI-SD30V10
         server role = active directory domain controller
         dns forwarder =

#  security = ads
   password server =
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   winbind cache time = 10
   winbind use default domain = yes

         path = /usr/local/samba/var/locks/sysvol/samdom.example.com/scripts
         read only = No

         path = /usr/local/samba/var/locks/sysvol
         read only = No

       path = /data/schueler
       comment = Schueler
       read only = no
       valid users = @SAMDOM\SCHUELER

More information about the samba mailing list