Samba - User Group Mappings

Posted on 2007-07-23
Last Modified: 2013-12-16
I'm currently configuring a Samba server on a Debian box and everything is going fine at the moment, except for this small issue.

Basically I need my users to have their primary unix group set to various different groups, but I also need them to be power users on their windows machines. Each user is part of the mapped power users group, but they do not have power user access on the domain unless I set their primary user group to the mapped group. This causes problems however as I need them in their existing groups.

Is there a way to map more than on unix group to a single samba group? Or is there some other way I can do this?
Question by:mundyl
    LVL 43

    Expert Comment

    You will do it with 'net' command
    net -w DOMAINNAME groupmap list # will show current mappings

    Author Comment


    If you re-read my question I have already mapped a unix group to the required NT groups, what I'm trying to do is map multiple unix groups to nt groups.

    The group mapping only works for users who's primary group is the same as the mapped group, for example lets say that the group "powerusers" is mapped to the nt group "Power Users". Users logging onto the domain will only be considered a part of the Power User's group is their primary unix group is "powerusers"

    Lets say we have three users that need power user access: jbloggs, sjones, jdoe. jbloggs' primary group is accounts, sjones' primary group is reception and jdoe's primary group is sales. Each user's primary group already allows them access to certain files on the network, but I need them to still be Power Users on their Windows machines. I can't change their primary group membership to powerusers as this will remove their access to group specific files. What I need to be able to do is map the groups accounts, reception and sales to the Power User nt group.
    LVL 8

    Accepted Solution

    best choice would be to forget about the primary group thing altogether, except : just stick them into a group that is mapped to the power user nt group and do the rest with acls in the file system. (of course your fs then needs acl support, but I hint that you've already installed it like that ...

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    This article will explain how to establish a SSH connection to Ubuntu through the firewall and using a different port other then 22. I have set up a Ubuntu virtual machine in Virtualbox and I am running a Windows 7 workstation. From the Ubuntu vi…
    It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
    Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
    Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now