Domain local groups?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue Apr 5 15:10:02 GMT 2005
On Tue, Apr 05, 2005 at 09:47:53AM -0500, Gerald (Jerry) Carter wrote:
> The original code was based on the understanding that domain local
> groups are only valid in our domain (in a native 2k domain). Are domain
> local groups from a parent domain even meaningful in a child domain ?
> This could be my bug based on a misunderstanding. But it was tested a
> good deal during the PSA development cycle and did what it was intended
> to do.
Ok, tested the following:
W2K3AD (win2003sp1 native domain)
W2K3AD trusts WINDOWS (nt4 domain)
WINDOWS\vl is member of global group WINDOWS\global
WINDOWS\global is member of W2K3AD\doml1
XPPRO (an XPSP2 workstation) is member of W2K3AD.
If I grant access rights for W2K3AD\doml1 on a directory on XPPRO, smbclient
can cd into that directory. If I revoke access to W2K3AD\doml1, I get
ACCESS_DENIED.
To me this sounds as if we have a problem in winbind, as "domain->primary"
would point to WINDOWS, "domain" is vl's domain, not our primary one.
Hmmm. Could you follow me? :-)
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20050405/d01f32ec/attachment.bin
More information about the samba-technical
mailing list