[Samba] using Windows AD unwanted Group rights get applied to new Files

Rowland Penny rpenny at samba.org
Tue Aug 7 13:54:01 UTC 2018

On Tue, 7 Aug 2018 13:34:30 +0000
VELARTIS Philipp D├╝rhammer <p.duerhammer at velartis.at> wrote:

> Ok so the config is generally a problem. I can try to change that.
> What i do not understand is 
> >>You would then need to give all your users a unique uidNumber
> >>attribute containing a number inside the range you set in smb.conf,
> >>you would also need to give the user a gidNumber attribute
> >>containing the gidNumber of the required group to use instead of
> >>>>'Domain Users'.
> This is rella ycomplicated. 

It isn't once you get head around it ;-)

> How do users normaly use samba with a
> windows AD server without breaking security concept by bypassing all
> user right sharing the same group? 

They just don't allow 'Domain Users' access to the share.

>I could also give every user on
> the AD server a unique group... but thats a real hack...

Yes, It is .


More information about the samba mailing list