[samba] users in multiple groups?
Paul Gienger
pgienger at ae-solutions.com
Mon Nov 1 15:57:13 GMT 2004
> every user is added to the group, but i cant seem to find a way for a
> user to be part of multiple groups, sambaPrimaryGroupSID isnt
> multi-valued, neither is gidNumber. Is there any way around this, has
> anybody have sugesstions?
Bone up on your UNIX group membership theory. Every user has a primary
group that is specified in their user account. Secondary groups are
applied 'backwards' to that setup. That means that users are added to
the group's entry in wherever that group is defined (/etc/group,
ou=Groups in a 'standard' LDAP DIT. You can have many many user entries
in each group (up to like 1024 characters long for the list I believe)
and the user can be both specified in the group object and have their
primary group as that group without causing issues.
There are a couple of commands that come in handy once you start setting
up secondary group memberships, and they work differently on different
os's. groups <username> and id <username> give interesting output:
[root at mail log]# id pgienger
uid=2266(pgienger) gid=2028(itserv)
groups=2028(itserv),3000(applied),2027(itadmin),2081(office),2082(projects),512(Domain
Admins)
[root at mail log]# groups pgienger
pgienger : itserv applied itadmin office projects Domain Admins
--
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Systems Architect Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
More information about the samba
mailing list