force group with security=ads, winbind and local(NIS) groups not working

Gerald (Jerry) Carter jerry at samba.org
Mon Mar 19 17:01:09 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hansjörg Maurer wrote:
> Hi Simo
> 
> we do not have ANY groups in windows appart from the 
> built-in groups. The Unix-system gets ALL ist user/group
> information from NIS. In the AD-domain we have all Users
> with identical Windows-User-names, and the fileservers (Samba
> and netapp) used to map this names to the unix-names automatically
> (using a Unix-Filesystem).
> 
> Up to 3.0.24 the  force group parameter in smb.conf seems to 
> use the unix group automatically.

You are mixing tokens.  You want to authenticate against
AD but not use the group token.  So don't run winbindd.
This will force smbd to attempt to map the Windows user
logged on via AD to a local Unix account and therefore
get the list of supplementary groups from Unix rather than
AD.




cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF/sHVIR7qMdg1EfYRArr4AJ47VTemxtSYNB8xHMQ5mraO254Q7QCfRVVC
ZQLKc3ABJk6iL9UjEdoNOPs=
=VfX8
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list