[Samba] Re: Winbind and AD groups containing groups

Rex Dieter rdieter at math.unl.edu
Fri Nov 10 18:34:58 GMT 2006

Gerald (Jerry) Carter wrote:

> Hash: SHA1
> Charles J Gruener wrote:
>> I tried searching through the archives, but was unable to find anything
>> about this.
>> Everything regarding windbind and AD membership is working perfectly with
>> one exception.  Here's an example of what I'm experiencing:
>> A group called "department_users" contains two groups
>> "department_faculty"
>> and "department_staff".  These two groups, "department_faculty" and
>> "department_staff" contain users.
>> 'getent group department_faculty' returns:
>> department_faculty:x:9315:user1,user2,user3
>> 'getent group department_staff' returns:
>> department_staff:x:9316:user4,user5,user6
>> 'getent group department_users' returns:
>> department_users:x:9317:
> Charles,  This is a known issue at the moment.  If we did
> a limited amount of nested group expansion (one level for
> example, would that be ok)?

For our deployment usecase, we'd need an absolute minimum of 3 levels of
expansion, depending on the definition of level.  For us we have:
user1 is a member of group1
group1 is a member of group2
group2 is a member of group3
We need to check if user1 is a member of group3.

-- Rex

More information about the samba mailing list