[Samba] nested groups not working with sudo and winbind
Gerald (Jerry) Carter
jerry at samba.org
Wed Apr 23 18:40:42 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Glenn Bailey wrote:
> Howdy folks,
>
> I'm having an issue with sudo not recognizing nested groups
> via AD and winbind. I have an AD group called UnixAdmins and
> when I ad and AD account *directly* into this group, I am able
> to use sudo just fine as it is in the sudoers. *but* say I
> have a nested group in UnixAdmins like CustomerUsers or whatnot
> it won't recognize. Now, I also restrict access via pam.d systems-auth
> to UnixAdmins, so I know that part it working. Also, when I run
> and "id" it shows the proper groups. It's just seems sudo won't
> recognize the nested groups :-(
>
> Anyone run into this issue before? It's gonna be an admin nightmare
> just to populate UnixAdmins with individual accounts ..
This was fixed in the upcoming 3.2 release. See the
"winbind expand groups" option.
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFID4KqIR7qMdg1EfYRAgt2AJ93S4Ui1BCaODky99o5QOj9YHUE9gCg4fVD
w69AwDShdPp6xQGFeZmTUSA=
=Nu+h
-----END PGP SIGNATURE-----
More information about the samba
mailing list