Did you know  45Drives offers free  public and private  webinars ? Click here to learn more  & register! Build & Price

KB450445 – Setting Up Windows Active Directory Authentication SMB Shares

You are here:
  • KB Home
  • Samba
  • KB450445 – Setting Up Windows Active Directory Authentication SMB Shares


  • This article will show how to configure SMB shares to allow access via Windows Domain Authentication and handle permissions via Windows ACLs.


  • SMB Packages Installed
  • SMB Services Running and Enabled
  • SMB Ports Open on Firewall (133/tcp, 445/tcp and 137/udp, 138/udp)
  • Joined to an Active Directory if using Windows ACLs to manage share permissions.
  • Domain Group(s) that will handle assigning share permissions via Windows ACLs given SeDiskOperatorPrivilege permission.


Domain Authentication Access Share

  • For a basic Domain Authentication Access share, we must first ensure the permissions are set correctly on the directory we are sharing out.
  • The directory must be set to 770 by doing chmod 770 /path/to/share for permissions, and the owner user/group is set as root:DOMAIN\Domain Group by doing chown root:DOMAIN\Domain Group where Domain Group is an Active Directory group that will handle the assigning of permissions via Windows ACLs.
  • Once we have this completed, we can then utilize a share configuration similar to below to allow access, and assigning of permissions on the share through the use of Windows ACLs.
  • Note that selecting the Windows ACLs option within the File Sharing module adds the vfs objects and other parameters to the share automatically.
  • To ensure full use of Windows ACLs, ensure the owner group is given the SeDiskOperatorPrivilege so they can then modify and manage the SMB share permissions using Windows ACLs.
map acl inherit = Yes
path = /tank/samba-windows-acls
read only = No
vfs objects = acl_xattr
acl_xattr:ignore system acl = yes


  • We can now access our SMB shares using our Windows Active Directory Domain Credentials.


  • Ensure there are no typos within your share configuration parameters.
  • Ensure your system is already joined to your Windows Active Directory.

Further Reading

Was this article helpful?
Dislike 0
Views: 4132
Unboxing Racking Storage Drives Cable Setup Power UPS Sizing Remote Access