[Samba] I have issue in configuring file servers with AD integration.

Rowland Penny rpenny at samba.org
Mon Jan 21 12:01:38 UTC 2019

> On Mon, 21 Jan 2019 15:53:47 +0530
> venkat ramu <ramut123 at gmail.com> wrote:

I have rewritten your shares.

 path = /srv/samba/test/inherit
 valid users = "SBX\Inherit-Group"
 invalid users = "SBX\Test-Group"
 read only = No

 comment = inherit1
 path = /srv/samba/test/inherit1
 valid users = "SBX\Inherit-Group"
 read only = No

The first share 'inherit' only allows the members of the AD group
'Inherit-Group' to connect, but if a user is also a member of
'Test-Group', they will not be allowed access.

The second share is similar, except it doesn't have any invalid users.

There is however another possible problem, even if Samba allows access,
the underlying OS might not. The directory '/srv/samba/test/inherit1'
will have to belong to 'root:Inherit-Group' with 'rwx' permissions for
the group.

Your users will also have to be able access each directory in the
shares path

All of the above is a lot easier if you set the permissions
from Windows.


More information about the samba mailing list