Reintroduce netgroups support?
Alexander Bokovoy
ab at samba.org
Fri Jun 3 11:27:34 UTC 2022
On pe, 03 kesä 2022, Rowland Penny via samba-technical wrote:
> On Fri, 2022-06-03 at 12:40 +0200, Samuel Cabrero wrote:
> > On Fri, 2022-06-03 at 11:10 +0100, Rowland Penny via samba-technical
> > wrote:
> > > On Fri, 2022-06-03 at 12:00 +0200, Samuel Cabrero via samba-
> > > technical
> > > wrote:
> > > > Hi,
> > > >
> > > > I have received some complains after we dropped netgroups support
> > > > in
> > > > Samba 4.15.0. Our release notes only mention we dropped NIS but
> > > > netgroups went with it.
> > >
> > > Well, netgroups are part of NIS
> >
> > Nowadays you can store netgroups in LDAP.
> >
> > https://ldapwiki.com/wiki/Netgroup
> >
> > https://www.linux.com/news/sysadmin-sysadmin-netgroups-are-not-just-nis-anymore/
>
> But using Samba with ldap basically requires SMBv1 and Samba is trying
> to remove this.
These are orthogonal things, absolutely. When you run Samba as a file
server, you are not limited by SMBv1. Your user and group information
can come from multiple sources, regardless how you are joined to domain
or not joined. SMB protocol version is irrelevant because the checks we
do for netgroups membership happen when we check access to shares, not
when we choose which protocol to use.
> > > > Some people still use netgroups without NIS, stored in LDAP and
> > > > made
> > > > available to the system through nss_sss, but it is also possible
> > > > to
> > > > use
> > > > /etc/netgroups.
> > >
> > > Why and how are they using a part of NIS without NIS ?
> >
> > The netgroups are stored in LDAP and used in the 'valid users' share
> > option.
>
> But, you really shouldn't use 'valid users' with AD, you should use
> ACL's
This is not always about 'AD member workstation' case. Samba does
support more use cases and they aren't being removed at all.
--
/ Alexander Bokovoy
More information about the samba-technical
mailing list