AW: [Samba] samba and BUILTIN groups

Horchler, Joerg joerg.horchler at coremedia.com
Fri Aug 25 10:04:35 GMT 2006 

Hi Jerry, 
 
just a question to what I don't understand: I think on both servers nested groups work correct (for example: I'm member of the group "sysop" which has no unix ID. The group "sysop" itself is member of the group "admin" which has the unix gid 500 in our Active Directory. When I type "id -a jhorchle" then I can see that I'm in the group 'admin'. This is the correct behaviour isn't it?)
So our idmap backend is 'ad' but nested groups are working. 
 
I will check krb5 to see whether this works. 
 
Cheers 
Jörg

________________________________

Von: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Gesendet: Mo 21.08.2006 23:12
An: Horchler, Joerg
Cc: samba at lists.samba.org
Betreff: Re: [Samba] samba and BUILTIN groups



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jörg Horchler wrote:

> 'winbind nss info' from 'sfu' to 'rfc2307' everything
> worked as expected in the first look. Winbind resolved
> our Windows-Users and groups correct. (wbinfo and
> getent work perfect!)
>
> But when I try to connect to a share on the server
> I get the following error:
>
> [2006/08/18 15:22:19, 0] auth/auth_util.c:create_local_nt_token(903)
>   create_local_nt_token: Failed to create BUILTIN\Administrators group!


There's a limitation that nested groups can only work
if you have a allocating idmap backend (tdb or ldap).
Please file a bug to help me track this.

But this is not causing the authentication failure you
are seeing.  CHeck your Krb5 client install to track that
down.





cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org <http://www.samba.org/> 
Centeris                         -----------  http://www.centeris.com <http://www.centeris.com/> 
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org <http://enigmail.mozdev.org/> 

iD8DBQFE6iHIIR7qMdg1EfYRAhZYAKCMhndL75xhpItANgoBlSo7fhcOSQCeLBj/
DtikkPKI3p8yLUTU8fuHWRo=
=ASuu
-----END PGP SIGNATURE-----

More information about the samba mailing list