[Samba] Samba + AD Authentication: Restricting access to shares

Goetz, Patrick G pgoetz at math.utexas.edu
Tue Jun 11 19:45:51 UTC 2019

Because most of our servers are restricted to specific user groups and 
the AD domain covers the entire university, I need to find a way to 
limit access to samba shares, preferably using AD security groups; i.e. 
I want to do something like:

    comment = TEM Data
    path = /EMdata
    valid users = @cns-cryo-emusers
    guest ok = no
    writeable = yes

where cns-cryo-emusers is an AD security group.  Has this been 
implemented in any version of Samba?  Otherwise, is there any way to 
limit access when doing AD authentication?  We don't have any local 
users to limit access to; it's all domain users.  The local accounts are 
strictly used for administrative purposes.

More information about the samba mailing list