[Samba] Does Samba/Winbind not follow nested groups in AD?!?

Aaron Kincer kincera at gmail.com
Tue Dec 5 20:50:16 GMT 2006

I just simulated your scenario and  I have no problems.

1) User testing member of: group1

2) group1 member of group 2

3) group2 has rights to folderA

4) User testing can successfully open folderA.

5) Removing group2 rights from folderA results in access denied.

James A. Dinkel wrote:
> Here's the situation:  We have users who are members of groups and those
> groups are sometimes members of a 2nd level of groups.  If a folder has
> permissions assigned to a 2nd level group, then the user can not access
> the share.  Doing a "getent group | grep user | grep 2nd_level_group"
> also returns nothing.  Samba seems to not be recognizing that a user is
> a member of a group under another group.
> Is there any way to enable Samba, or Winbind, to follow down the group
> hierarchy?
> James Dinkel

More information about the samba mailing list