[svlug] User directory shares with Samba, Winbind, and Win2k domain

Robert Hajime Lanning lanning at lanning.cc
Wed Jul 31 12:56:32 PDT 2002

---- As written by Daniel Curry:
> I would like to recreate this, but am not certain how to, considering the
> combination of Win2k Domain groups and users with unix/linux users and
> groups.

Samba does an SUID call to switch to the user that the connection was
authenticated as.  So, you will need to create the groups (/etc/group)
that mimic the NT Domain groups and make the propper users a member of
the groups.

Then you will need to chgrp the shared directory to the group that needs
access.  Also, setting the SGID bit on the directory would be a good
idea.  If you need multiple groups to have access then you will need to
just open up the permissions on the directories and handle it all in the
smb.conf entries.

Then edit your smb.conf, for each share you will need to give the propper
rights for the groups.

Share rights:

force create mode = 0775
force directory mode = 2775
read list = @readonlygroup
write list = @writeonlygroup
valid users = @readonlygroup, @writeonlygroup

This is only to start.  There are a lot of tweaks that can be done.


More information about the svlug mailing list