[Samba] Samba / ADS / LDAP 'unknown' Domain Groups

Benoit Panizzon benoit.panizzon at imp.ch
Tue Mar 15 11:06:43 GMT 2005


Hi all

Situation:

Samba 3.0.11 FreeBSD 5
nss_ldap
pam_krb5
Connecting to W2k3 ADS with installed MSSFU. (LDAP Posix Schema)

pw user show -a
pw group show -a

both work.
Authentication via Kerberos works fine.

Users have access via samba to the files and directories that belong to them.

But not to the files belonging to their group.

The 'Security' tab under Windows shows the groups as local groups on the Unix 
system instead of as domain groups.

I know, when I use winbindd as NSS, I should get an output of the form:

DOMAIN+Group:*:gid:users

With nss_ldap I get:

Group:*:gid:users

This could be confusing the Windows clients and making them think that those are 
local groups.

How can I fix this problem?

We cannot use winbindd for ID-Mapping as we have a mixed Unix/Windows 
environment and this would completely mess up Unix IDs on all systems.

Regards
-- 
Benoît Panizzon, <bp at imp.ch>
------------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP                     Phone: +41 61 826 93 00
Zurlindenstrasse 29                            Fax:   +41 61 826 93 01
CH-4133 Pratteln                               Net:   http://www.imp.ch/
------------------------------------------------------------------------

