[Samba] Group-based access instead of user-based?

tom uijldert tom.uijldert at gmail.com
Mon Sep 12 07:39:06 UTC 2022

Hi Rowland, 

Thanks for the tips, much appreciated. Please find my response below.


-----Original Message-----
From: Rowland Penny <rpenny at samba.org> 
Sent: 09 September 2022 17:39

>> Joined to our domain as member server, all domain users are mapped to
>> 1 unix account/group.
> It would be better to recreate the group in AD (or use Domain Users which all domain members are members of), delete the Unix group and then use vfs_acl_xattr and set > the permissions either from Windows od with setfacl.

The goal here is/was to have a directory that could be used fairly freely by all domain members of that particular group.
This seemed to me the most simple and straightforward setup.
The unix security setting is simple and something I more or less "get" where, frankly, the whole Windows ACL-stuff seems overly complicated. But granted, that may be my limitation.

> It would also help if you posted your smb.conf (that way we can confirm how you are running Samba).

Please find the smb.conf attached, it is the share [volwww] that we are testing.
For completeness sake I also included the mapping file (users.map).

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: users.map
URL: <http://lists.samba.org/pipermail/samba/attachments/20220912/d8b92b1b/users.ksh>

More information about the samba mailing list