[samba] users in multiple groups?

Paul Gienger pgienger at ae-solutions.com
Mon Nov 1 16:46:17 GMT 2004


> (itacs). I also want to be a member of domain admins, so I add another 
> memberUid = ws0dwi in the domain admin group in LDAP, my

if you do
getent group

does your domain admin group show up?  Of course you could always 
restart nscd if you haven't, just to make sure you're not getting into a 
cache issue. 

Making some assumptions on what you said, it sounds like your Domain 
Admins group isn't mapped to a valid UNIX group, which it must be.  If 
you're running Samba in the traditional LDAP sense with smbldap-tools, 
the smbldap-populate script would have done this for you.

> Paul Gienger wrote:
>
>>
>>> every user is added to the group, but I can't seem to find a way for 
>>> a user to be part of multiple groups, sambaPrimaryGroupSID isn't 
>>> multi-valued, neither is gidNumber. Is there any way around this, 
>>> does anybody have suggestions?
>>
>> Bone up on your UNIX group membership theory.  Every user has a 
>> primary group that is specified in their user account.  Secondary 
>> groups are applied 'backwards' to that setup.  That means that users 
>> are added to the group's entry in wherever that group is defined 
>> (/etc/group, ou=Groups in a 'standard' LDAP DIT).  You can have many, 
>> many user entries in each group (up to like 1024 characters long for 
>> the list I believe) and the user can be both specified in the group 
>> object and have their primary group as that group without causing 
>> issues.
>>
>> There are a couple of commands that come in handy once you start 
>> setting up secondary group memberships, and they work differently on 
>> different OSes.  groups <username> and id <username> give interesting 
>> output:
>> [root at mail log]# id pgienger
>> uid=2266(pgienger) gid=2028(itserv) 
>> groups=2028(itserv),3000(applied),2027(itadmin),2081(office),2082(projects),512(Domain 
>> Admins)
>> [root at mail log]# groups pgienger
>> pgienger : itserv applied itadmin office projects Domain Admins
>>

--
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com
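
The membership model described in this thread (primary group from the user's gidNumber, secondary groups from memberUid entries on the group), as an added example that is not part of the original messages. The function name `user_groups`, the uid/gid numbers for ws0dwi and all sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data in `getent passwd` / `getent group` format.
# Not real directory contents; the numeric ids for ws0dwi/itacs are invented.
SAMPLE_PASSWD='pgienger:x:2266:2028:Paul:/home/pgienger:/bin/bash
ws0dwi:x:2300:2040:Example:/home/ws0dwi:/bin/bash'

SAMPLE_GROUP='itserv:x:2028:
itacs:x:2040:
itadmin:x:2027:pgienger
Domain Admins:x:512:pgienger,ws0dwi'

# user_groups USER PASSWD_TEXT GROUP_TEXT   (hypothetical helper)
# Prints "primary=<group>" followed by one "secondary=<group>" line for every
# group that lists USER as a member. If the user's gidNumber matches no group
# entry, the primary line reports the unmapped gid instead of a name.
user_groups() {
    user=$1
    # Field 4 of a passwd entry is the primary gid (gidNumber in LDAP).
    pgid=$(printf '%s\n' "$2" | awk -F: -v u="$user" '$1 == u { print $4; exit }')
    [ -n "$pgid" ] || { echo "unknown user: $user" >&2; return 1; }
    printf '%s\n' "$3" | awk -F: -v u="$user" -v g="$pgid" '
        $3 == g { primary = $1 }
        {
            # Field 4 of a group entry is the comma-separated member list
            # (one memberUid value per user in LDAP).
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == u && $3 != g) sec[++k] = $1
        }
        END {
            print "primary=" (primary == "" ? "UNMAPPED gid " g : primary)
            for (i = 1; i <= k; i++) print "secondary=" sec[i]
        }'
}

# Run against the constructed data; on a live host pass
# "$(getent passwd)" and "$(getent group)" instead.
user_groups ws0dwi "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

A group that is missing from the `getent group` output never appears as a secondary line, which is the symptom the reply above asks about.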



