[Samba] linux groups & NT global groups with winbindd

MCCALL,DON (HP-USA,ex1) don_mccall at hp.com
Tue Feb 12 13:38:14 GMT 2002

Hi Doug,
I'm going to make an educated guess: NO.
at least on HP-UX, the entries in the /etc/group file
are of the form

NOTE the "username"....
Unix (afaik) does not support the concept of 'nested' groups.
a Unix group contains names that resolve to UIDS, not GIDS.
On top of this, there is also the fact that when you authenticate
via winbindd, you are authenticating as the NT user, and will
be bounded by the NT groups you are a member of.  So when samba
is checking to see what groups you are a member of, it's not looking
in the /etc/group file at all.  I'm NOT looking at the code while I'm
writing this, so I could be wrong - I graciously accept corrections,
if any one knows different...
So I wouldn't expect this to work.
Hope this helps,

-----Original Message-----
From: Doug Aldridge [mailto:doug at aldridge.net]
Sent: Tuesday, February 12, 2002 4:20 PM
To: samba at lists.samba.org
Subject: [Samba] linux groups & NT global groups with winbindd

I posed this question earlier but it was with another question and I think
it got lost.

I have winbindd up and running and working great.

If I add NT domain users to an NT domain global group, add that group to a
local linux group in /etc/group, and then assign that local linux group
ownership of an object (file or dir) should this work? In other words, can
you still use local linux groups as you would local groups on an NT member
server once winbindd is running?


To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list