Reintroduce netgroups support?

Rowland Penny rpenny at samba.org
Fri Jun 3 11:01:32 UTC 2022


On Fri, 2022-06-03 at 12:40 +0200, Samuel Cabrero wrote:
> On Fri, 2022-06-03 at 11:10 +0100, Rowland Penny via samba-technical wrote:
> > On Fri, 2022-06-03 at 12:00 +0200, Samuel Cabrero via samba-technical wrote:
> > > Hi,
> > > 
> > > I have received some complaints after we dropped netgroups support in
> > > Samba 4.15.0. Our release notes only mention we dropped NIS but
> > > netgroups went with it.
> > 
> > Well, netgroups are part of NIS
> 
> Nowadays you can store netgroups in LDAP.
> 
> https://ldapwiki.com/wiki/Netgroup
> 
> https://www.linux.com/news/sysadmin-sysadmin-netgroups-are-not-just-nis-anymore/

But using Samba with LDAP basically requires SMBv1 and Samba is trying
to remove this.

> 
> > > Some people still use netgroups without NIS, stored in LDAP and made
> > > available to the system through nss_sss, but it is also possible to use
> > > /etc/netgroups.
> > 
> > Why and how are they using a part of NIS without NIS?
> 
> The netgroups are stored in LDAP and used in the 'valid users' share
> option.

But you really shouldn't use 'valid users' with AD, you should use
ACLs.

> 
> > > I had a look at the removed code and I think it is possible to
> > > reintroduce netgroups support independently from NIS, using the
> > > getdomainname() function from glibc instead of yp_get_default_domain()
> > > from libnsl.
> > > 
> > > Should we bring back netgroups support?
> > 
> > I do not see the point, AD groups can do the same thing.
> 
> AD is not involved here, this is a pure file server use case.

Then it definitely shouldn't be brought back. Once SMBv1 is removed,
standard LDAP will very probably not be involved, just AD, and
netgroups will not be required.

Why not get sssd to work with Windows AD groups?

Rowland




