Hello world,

here my scenario: i have a webdevelopment server as a domain member and i need the apache user in one of the domain groups so that apache can access readable and writeable files by the webdev group. The problem now is that you can't add unix users to a windows group because the unix user doesn't exist on the windows machine. BUT: you can map an existing unix group to an existing windows group so that the unix group is like an alias for the windows one and add the unix user to that group… and it is quite easy.

Let's say you have group1 on windows and domgroup1 on unix. Here is how to do it:

create a new unix group
# groupadd domgroup1

now map the groups
# net groupmap add ntgroup="group1" unixgroup="domgroup1" type=domain

list the mapped groups
# net groupmap list

now restart samba
# /etc/init.d/smb restart

The only thing left you have to do now is to add the user add to your domgroup1 in /etc/group