[Samba] Re: Winbind and AD groups containing groups
Rex Dieter
rdieter at math.unl.edu
Fri Nov 10 18:34:58 GMT 2006
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Charles J Gruener wrote:
>> I tried searching through the archives, but was unable to find anything
>> about this.
>>
>> Everything regarding windbind and AD membership is working perfectly with
>> one exception. Here's an example of what I'm experiencing:
>>
>> A group called "department_users" contains two groups
>> "department_faculty"
>> and "department_staff". These two groups, "department_faculty" and
>> "department_staff" contain users.
>>
>> 'getent group department_faculty' returns:
>>
>> department_faculty:x:9315:user1,user2,user3
>>
>> 'getent group department_staff' returns:
>>
>> department_staff:x:9316:user4,user5,user6
>>
>> 'getent group department_users' returns:
>>
>> department_users:x:9317:
>
> Charles, This is a known issue at the moment. If we did
> a limited amount of nested group expansion (one level for
> example, would that be ok)?
For our deployment usecase, we'd need an absolute minimum of 3 levels of
expansion, depending on the definition of level. For us we have:
user1 is a member of group1
group1 is a member of group2
group2 is a member of group3
We need to check if user1 is a member of group3.
-- Rex
More information about the samba
mailing list