[Samba] CentOS 7 AD member having issues with AD groups

Jakov Sosic jsosic at gmail.com
Mon Dec 12 02:23:56 UTC 2016

Hi guys,

I've joined CentOS 7 successfully to AD as member server, and set couple 
of shares.

But, limiting access by listing groups, or forcing group write isn't 

Samba is clearly having issues with groups.

This is example share not working at all (constantly asking for 

	path                 = /data/tools/
	comment              = Web development tools
	valid users          = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
	browseable           = yes
	writeable            = yes
	force mode           = 0660
	force directory mode = 0770
	force security mode  = 0660
	guest ok             = no
	guest only           = no
	delete readonly      = Yes
	follow symlinks      = Yes
	wide links           = No
	case sensitive       = Yes

When I comment out or remove `valid users` directive, access works.

Also, if I run getent groups it doesn't return any member, while on the 
CentOS 6 with samba 3.5.10 it works:

centos7 # getent group 'domain users'
domain users:x:10513:

centos6 # getent group 'domain users'
domain users:x:10513:jakov.sosic

Any ideas?

I've also found this serverfault post:


More information about the samba mailing list