[Samba] valid users with AD group

jsl6uy js16uy js16uy at gmail.com
Thu Dec 15 19:50:09 UTC 2016

Hello all, hope all is well/happy holidays

Issues with an old thread out there, valid users containing an AD group

Have tried this on systems running cent7u2 and ubuntu trusty. These systems
are running sssd. I can login with AD users and chown/chgrp file with AD
groups. However, I can't get AD groups to work with valid users for
restricting share access. If I just set individual AD users, works just
I did troll thru googles and this mailing list, but many posts were
leveraging winbind or winbind and older versions of samba. Faqs and docs
led me to try several variants for vaild users =


Any thoughts/help would be greatly appreciated.
thanks and regards

some samba vers on the centos host

[root at Xsamba]# smbd -V
Version 4.2.3

>>>Here is the config

        workgroup = mc
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        security = ads
        bind interfaces only = yes
        dedicated keytab file=/etc/krb5.keytab
        password server =
        realm = MC.FOO.COM
        passdb backend = tdbsam
        map to guest = Bad Uid

        comment = Home Directories
        browseable = no
        writable = yes

        comment = Server Logs
        path = /logs
        writable = no
        #valid users = jsmith
        valid users = @"MC\MC-Services"
        printable = no

More information about the samba mailing list