[Samba] Does Samba/Winbind not follow nested groups in AD?!?

James A. Dinkel jdinkel at bucoks.com
Thu Dec 7 23:23:14 GMT 2006


Well, I think I'm giving up.  I've tried following that guide.  I've
tried replacing my smb.conf to look just like yours.  I've tried a bunch
of other things that I thought might do something.

For the life of me, I can not get nested groups to work on this server.

James Dinkel

> -----Original Message-----
> From: Aaron Kincer
> 
> James,
> 
> You are correct--I don't have winbind nested groups = yes set in my
> smb.conf. Yes, default 3.0.22. I followed the Ubuntu configuration
> instructions to the letter found in the Ubuntu forums that I've posted
> before with only the changes you've seen in my smb.conf. Here is the
> link to the forum post:
> 
> http://ubuntuforums.org/archive/index.php/t-91510.html
> 
> If you have a machine you can throw together as a test machine, fire it
> up as a stock install and follow these instructions to the letter (if
> you didn't on your production box) and see if you have any success.
> 
> Here's where the rubber meets the road. If your test machine correctly
> nests permissions, then there is something wrong with your production
> config. If it doesn't, then you have something going on in Active
> Directory.
> 
> One more thing--I'm using POSIX ACLs for permissions. Are you?
> 
> James A. Dinkel wrote:
> >> -----Original Message-----
> >> From: Matt Skerritt
> >>
> >> There is an option in smb.conf called "winbind nested groups" ... and
> >> the help text from swat says:
> >>
> >> "winbind nested groups (G)
> >>
> >>      If set to yes, this parameter activates the support for nested
> >> groups. Nested groups are also called local groups or aliases. They
> >> work like their counterparts in Windows: Nested groups are defined
> >> locally on any machine (they are shared between DC's through their
> >> SAM) and can contain users and global groups from any trusted SAM. To
> >> be able to use nested groups, you need to run nss_winbind.
> >>
> >>      Please note that per 3.0.3 this is a new feature, so handle with
> >> care.
> >>
> >>      Default: winbind nested groups = no"
> >>
> >> So I'm guessing that you want to set winbind nested groups = yes in
> >> your smb.conf.
> >>
> >> --
> >> Matt Skerritt
> >> matt.skerritt at agrav.net
> >>
> >
> > I've put the "winbind nested groups = yes" in the global section of my
> > samba.conf.  (Sorry, I did go over the swat help text, I must have
> > missed this).  I went ahead and rebooted the server and tried it again,
> > but it's still a no-go.
> >
> > Aaron, in the smb.conf you showed me, you did not have "winbind nested
> > groups = yes" ?!?  I don't remember if you've told me, but are you using
> > the default Samba 3.0.22 that comes with Ubuntu 6.06?
> >
> > Could there be something wrong with my Winbind setup?  Something that
> > has to do with nss_winbind maybe?  Is there any way I can test this from
> > the Samba server, using wbinfo maybe?
> >
> >



