[Samba] Re: Winbind and AD groups containing groups
rdieter at math.unl.edu
Fri Nov 10 18:34:58 GMT 2006
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Charles J Gruener wrote:
>> I tried searching through the archives, but was unable to find anything
>> about this.
>> Everything regarding windbind and AD membership is working perfectly with
>> one exception. Here's an example of what I'm experiencing:
>> A group called "department_users" contains two groups
>> and "department_staff". These two groups, "department_faculty" and
>> "department_staff" contain users.
>> 'getent group department_faculty' returns:
>> 'getent group department_staff' returns:
>> 'getent group department_users' returns:
> Charles, This is a known issue at the moment. If we did
> a limited amount of nested group expansion (one level for
> example, would that be ok)?
For our deployment usecase, we'd need an absolute minimum of 3 levels of
expansion, depending on the definition of level. For us we have:
user1 is a member of group1
group1 is a member of group2
group2 is a member of group3
We need to check if user1 is a member of group3.
More information about the samba