[Samba] winbind and distribution groups - solved
pk at q-leap.com
Mon Jan 31 13:48:30 GMT 2005
This is for the record, thanks for your patience.
> Gerald (Jerry) Carter wrote:
>> Peter Kruse wrote:
>> | Say, I create a "distribution group" on Windows ADS named
>> | "distgroup" add as a member a security group named "secgroup" with a
>> | user "robert" in it. Then when I look at the groups "robert" belongs
>> | to, the group "distgroup" is not listed (checked with "wbinfo -r").
>> | Even after "winbind cache time" has long expired ;)
>> this is the different between a distribution group and a
>> security group from what I understand. The behavior is
>> by design.
> are you sure? That means if I add read permissions (via ACL) to a
> directory for group "distgroup" then the user "robert" still has no
> access rights. Although he is member of "secgroup" which is a member of
> "distgroup". This behaviour is intentionally "by design"? What are
> "distribution groups" then good for?
Because our domain controller did not run in native mode,
I was not able to add a group to a security group. And I thought
"I can only add groups to distribution groups". This is not
true which I found out after switching to native mode.
Indeed distribution groups are different:
"Distribution groups are not security-enabled. They cannot be listed in
So my fault, there wasn't a problem to begin with.
Peter Kruse <pk at q-leap.com>, Chief Software Architect
Q-Leap Networks GmbH
phone: +497071-703171, mobile: +49172-6340044
More information about the samba