[Samba] Samba4: Setting u­p share/­security permiss­ions for ­shares on memb

?icro MEGAS micromegas at mail333.com
Tue Oct 21 12:46:54 MDT 2014

> have a look here: https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
> and here: https://wiki.samba.org/index.php/Delegating_Administration_Permissions
> Rowland

The first link is known to me, there is no information about "username map" as you explained to me. The second link describes how to assign some "special privileges" to non-DomainAdmin groups, thats nice. But unfortunately I didn't understand how to achieve my goal with that. I don't want to create an extra group "supporters" or similar, I just want to allow all members of 'MYDOM\Domain Admins' to change security settings. The example you gave me before works for one user. I did read the "man smb.conf" for that directive "username map" and I tried various variations for the "smbmap" file:

!root = '@MYDOM\Domain Admins' '@MYDOM\domain admins' '@Domain Admins' '@domain admins'
'@domain admins'

!root = @'MYDOM\Domain Admins' @'MYDOM\domain admins' @'Domain Admins' @'domain admins'
@'domain admins'

!root = @MYDOM\Domain\040Admins @MYDOM\domain\040admins @Domain\040Admins @domain\040admins

Unfortunately it didn't work. But following works of course:
!root = MYDOM\Administrator MYDOM\johndoe MYDOM\foobar MYDOM\admin3 MYDOM\admin4

Example (4) is doing fine as I realized, but let's say we have 50 admins, it's not comfortable to put each name in here. So I would prefer the more elegant way and define a group name which should be the group "MYDOM\Domain Admins".

Here's the output of...
[root at membersrv1:~$ getent group 'domain admins'
domain admins:x:11000:johndoe,foobar,admin3,admin4,admin5,admin6,...,admin50


More information about the samba mailing list