[Samba] Does Samba/Winbind not follow nested groups in AD?!?

Aaron Kincer kincera at gmail.com
Wed Dec 6 13:22:18 GMT 2006


James,

You are correct--I don't have winbind nested groups = yes set in my 
smb.conf. Yes, default 3.0.22. I followed the Ubuntu configuration 
instructions to the letter found in the Ubuntu forums that I've posted 
before with only the changes you've seen in my smb.conf. Here is the 
link to the forum post:

http://ubuntuforums.org/archive/index.php/t-91510.html

If you have a machine you can throw together as a test machine, fire it 
up as a stock install and follow these instructions to the letter (if 
you didn't on your production box) and see if you have any success.

Here's where the rubber meets the road. If your test machine correctly 
nests permissions, then there is something wrong with your production 
config. If it doesn't, then you have something going on in Active Directory.

One more thing--I'm using POSIX ACLs for permissions. Are you?

James A. Dinkel wrote:
>> -----Original Message-----
>> From: Matt Skerritt
>>
>> There is an option in smb.conf called "winbind nested groups" ... and
>> the help text from swat says:
>>
>> "winbind nested groups (G)
>>
>>      If set to yes, this parameter activates the support for nested
>> groups. Nested groups are also called local groups or aliases. They
>> work like their counterparts in Windows: Nested groups are defined
>> locally on any machine (they are shared between DC's through their
>> SAM) and can contain users and global groups from any trusted SAM. To
>> be able to use nested groups, you need to run nss_winbind.
>>
>>      Please note that per 3.0.3 this is a new feature, so handle with
>> care.
>>
>>      Default: winbind nested groups = no"
>>
>> So I'm guessing that you want to set winbind nested groups = yes in
>> your smb.conf.
>>
>> --
>> Matt Skerritt
>> matt.skerritt at agrav.net
>>     
>
> I've put the "winbind nested groups = yes" in the global section of my
> samba.conf.  (Sorry, I did go over the swat help text, I must have
> missed this).  I went ahead and rebooted the server and tried it again,
> but it's still a no-go.
>
> Aaron, in the smb.conf you showed me, you did not have "winbind nested
> groups = yes" ?!?  I don't remember if you've told me, but are you using
> the default Samba 3.0.22 that comes with Ubuntu 6.06?
>
> Could there be something wrong with my Winbind setup?  Something that
> has to do with nss_winbind maybe?  Is there any way I can test this from
> the Samba server, using wbinfo maybe?
>
>   
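
Added example, not part of the thread or of Samba: a shell sketch of two offline checks for the prerequisites the quoted help text names, namely that "winbind nested groups" is really set in [global] and that the NSS "group:" line consults winbind. The function names are hypothetical and the sample files are constructed; file paths are passed in as arguments.

```sh
#!/bin/sh
# Print the effective "winbind nested groups" value from the [global] section.
# Falls back to "no", the default given in the quoted swat help text.
nested_groups_setting() {
    awk '
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^[ \t]*\[/ {                          # section header
            sec = tolower($0); gsub(/[ \t\r]/, "", sec)
            in_global = (sec == "[global]")
            next
        }
        in_global {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/[ \t]+/, " ", key); sub(/^ /, "", key); sub(/ $/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "winbind nested groups") found = val   # last one wins
        }
        END { print (found == "" ? "no" : found) }
    ' "$1"
}

# Succeed if the "group:" line of an nsswitch.conf-style file lists winbind,
# i.e. nss_winbind is consulted for group lookups.
nss_group_uses_winbind() {
    awk '
        { sub(/#.*/, "") }                     # drop trailing comments
        $1 == "group:" { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample files, not taken from the thread.
    printf '%s\n' '[global]' '  workgroup = EXAMPLE' \
        '  Winbind Nested Groups = Yes' '[share]' '  path = /srv/share' > "$d/smb.conf"
    printf '%s\n' 'passwd: compat winbind' 'group:  compat' > "$d/nsswitch.conf"
    echo "winbind nested groups = $(nested_groups_setting "$d/smb.conf")"
    if nss_group_uses_winbind "$d/nsswitch.conf"; then
        echo "nsswitch group: winbind present"
    else
        echo "nsswitch group: winbind missing"
    fi
    rm -rf "$d"
}
demo
```

A misspelled key or a setting placed under a share section both report "no" here, since only an exact parameter name inside [global] is counted.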


