Old 01-20-2013, 02:22 AM   #1
Registered: Jan 2010
Location: Vietnam
Distribution: Arch
Posts: 65

Rep: Reputation: 22
Samba 4: share directory for AD group


I've just installed Samba 4 on CentOS 6.3, then followed the configuration guide at Samba4/HOWTO/Join a domain as a DC. Everything is going right except I can't share a directory to an AD group.

- 'getent passwd' shows as:
- 'getent group'
Enterprise Read-only Domain Controllers:*:3000008:
Domain Admins:*:3000009:
Domain Users:*:100:
Domain Guests:*:3000002:
Domain Computers:*:3000010:
Domain Controllers:*:3000011:
Schema Admins:*:3000012:
Enterprise Admins:*:3000013:
Group Policy Creator Owners:*:3000014:
Read-only Domain Controllers:*:3000015:
- smb.conf
        workgroup = ADDOMAIN
        realm =
        netbios name = LINUX-DC
        server role = active directory domain controller
        path = /usr/local/samba/var/locks/sysvol/
        read only = No
        path = /usr/local/samba/var/locks/sysvol
        read only = No

        path = /tmp/writers
        valid users = @"ADDOMAIN\Writers"
        write list = @"ADDOMAIN\Writers"
- Administrator is a member of the Writer group.
[root@linux-dc ~]# id administrator
uid=0(root) gid=100(users) groups=0(root),100(users),3000014(Group Policy Creator Owners),3000013(Enterprise Admins),3000009(Domain Admins),3000012(Schema Admins),3000020(Writers)
The problem is: members of group Writers cannot access the 'test' resource. If I change 'valid users' to "valid users = ADDOMAIN\Administrator", then I can access the shared directory.
Could you help explain what I am doing wrong with this configuration?

Thanks in advance,
Mac Tieu.
Old 01-21-2013, 11:12 AM   #2
Ser Olmy
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 2,485

Rep: Reputation: Disabled
This could be a winbind separator issue. After all, the backslash is usually the escape character in Unix/Linux.

You could try escaping the backslash, like this:
valid users = @"ADDOMAIN\\Writers"
If that doesn't work, you could try changing the separator to, say, the "+" character with
winbind separator = +
in the "globals" section and
valid users = @"ADDOMAIN+Writers"
on the share.
Old 01-22-2013, 10:38 AM   #3
Registered: Jan 2010
Location: Vietnam
Distribution: Arch
Posts: 65

Original Poster
Rep: Reputation: 22

I've changed the separator to '+' as you suggested, but with no success. After setting the log level to 3 in smb.conf to examine the log file, I can now access the shared resource by using the group SID, like:
valid users = 'S-1-5-21-1233234322-3234673423-5678456734-3457'
Is there any way to use the group name instead of the 'complex' SID string?

Thanks so much!
Old 05-28-2014, 12:48 PM   #4
LQ Newbie
Registered: May 2014
Posts: 1

Rep: Reputation: Disabled
I just tested in Samba 4 with internal DNS: valid users = +"cmpc.leg\adm", and it is working perfectly (cmpc.leg = realm and adm = group).
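
An added example, not part of any post in this thread: a small Python parser that lists which principals each share's "valid users" line admits, covering the forms that appear above (@"DOMAIN\group", +"realm\group", a bare SID, DOMAIN\user). The sample configuration, the SID and the function names are constructed for illustration; the prefix meanings follow the smb.conf(5) manual page.

```python
import re

# Constructed sample modelled on the entries quoted in the thread; the SID is made up.
SAMPLE = r'''
[global]
[test]
    valid users = @"ADDOMAIN\Writers", ADDOMAIN\Administrator
[adm]
    valid users = +"cmpc.leg\adm"
[bysid]
    valid users = S-1-5-21-1111111111-2222222222-3333333333-1234
[open]
    path = /tmp/open
'''
# Name prefixes as described in smb.conf(5); only the first prefix character is classified.
PREFIXES = {"@": "netgroup-or-unix-group", "+": "unix-group", "&": "netgroup"}
ENTRY = re.compile(r'([@+&]*)(?:"([^"]*)"|([^\s,"]+))')  # prefix + quoted or bare name
SID = re.compile(r"S-1-\d+(-\d+)+$")

def parse_shares(text):
    """Return {section: {parameter: value}} from smb.conf-style text."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def classify(value):
    """Split a 'valid users' value into (kind, domain, name) tuples."""
    out = []
    for prefix, quoted, bare in ENTRY.findall(value):
        name = quoted or bare
        if SID.match(name):
            out.append(("sid", "", name))
        else:
            domain, _, short = name.rpartition("\\")
            out.append((PREFIXES.get(prefix[:1], "user"), domain, short))
    return out

def audit(text):
    """Map each share to its entries; [] means no 'valid users' restriction is set."""
    return {s: classify(p.get("valid users", ""))
            for s, p in parse_shares(text).items() if s != "global"}
```

audit(SAMPLE) maps the "open" share to an empty list; per smb.conf(5), an empty "valid users" means any user can log in to that share.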

