[Samba] Samba as PDC with nested groups
Gerald (Jerry) Carter
jerry at samba.org
Wed Jun 21 12:33:35 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stefan Pfetzing wrote:
> Hi,
>
> 2006/6/14, Gerald (Jerry) Carter <jerry at samba.org>:
>> Stefan Pfetzing wrote:
>> > Currently its not clear to me whether its possible
>> > to do nested groups with samba at all. AFAIK its
>> > possible to have Samba resolve nested groups when
>> > run as a domain member, but what about a PDC (and
>> > a BDC)?
>>
>> The NT4 model for nested groups is supported on Samba
>> DC's as well. You just have to run winbindd.
>
> I just tried to do so, but samba miserably fails when nss_ldap is not
> used. smbd complains about some users, which are in the ldap database,
> but cannot be looked up as posix user.
>
> Also, if I enable the lookup of the local domain, and run winbindd and
> have nss_winbind enabled, getent passwd does not lookup the
> user/group.
>
> So I don't get how I should use winbindd directly on the pdc.
Winbind on a PDC with only handle
(a) expanding local nested groups
(b) trusted users
All domain groups and domain users are handled by the passdb.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFEmTyfIR7qMdg1EfYRAtgkAKCn+/PmiuiBZuU6t0FXGSJL7VqQVACeK2X1
1wSPLc4mqzGO6Md9Y7QP/l4=
=m1Wt
-----END PGP SIGNATURE-----
More information about the samba
mailing list