[Samba] domain users "primary­ gro­up" does not take ef­fect ­in UNIX attributes

?icro MEGAS micromegas at mail333.com
Thu Oct 30 02:29:11 MDT 2014

> In the above example, you computer account cannot access the share. 
> the computer is not in "Domain Admin" "Domain Users" or SYSTEM.
> BUT 
> Your computer account is a member of "Authenicated users" 
> thats the only explanation im having, if its right.. no
> The first example should work also imo, but it does not. 
> Louis

Hmmm...doesn't make sense to me to be honest. Why should the computer
account takes a role in security settings? The computer account is
necessary to authenticate at my domain so my domain AD controller
recognizes it as authenticated member of the domain. Just in my opinion,
but maybe I'm wrong. But back to topic: I thinked about it and maybe
following explanation is the correct one:

As I am using "johndoe", "foo" or "bar" these user names are mapped to
the unix account "root". That does mean, that Windows or Samba *only see*
the user "root". Windows/Samba don't mind if the user "johndoe", "foo"
or "bar" initially logged it, it sees them just as "Unix/root". And so
this user account is not a member of "Domain Users", "Domain Admins" or
anyone else, but it's recognized with "authenticated users" because
the windows client did authenticate once against the samba4 ad dc.

That's a possibly explanation, but I am not sure if it's correct. If
anyone knows better, please help us and throw some light in the darkness.


More information about the samba mailing list