Nested group support....

Jacob Wilkins jacob.wilkins at
Wed Jun 16 14:37:07 GMT 2004

I'm running Samba 3.0.4 with nested groups enabled.

I'm finding that nested groups work in some cases, but not in others.
I'm working with ADS on Windows 2003.

My samba server is configured to use libnss_winbind and pam_krb5. The
only local account on the machine is root. Using pam_access, I'm
trying to restrict logins to the linux box to members of a particular
group. Users that are added directly to that group are able to login,
however, users in groups that are added cannot.

getent group does not show the nested usernames. However, for the
purposes of file permissions, group nesting seems to work quite well.

For now, I've unrolled the group by hand in AD. I'd like to get it
working without that hack.

Any suggestions?

More information about the samba-technical mailing list