[Samba] nested groups not working with sudo and winbind

Glenn Bailey gbailey at terremark.com
Wed Apr 23 21:31:43 GMT 2008


>> I'm having an issue with sudo not recognizing nested groups via AD and
>> winbind. I have an AD group called UnixAdmins and when I ad and AD
>> account *directly* into this group, I am able to use sudo just fine as
>> it is in the sudoers. *but* say I have a nested group in UnixAdmins
>> like CustomerUsers or whatnot it won't recognize. Now, I also restrict
>> access via pam.d systems-auth to UnixAdmins, so I know that part it
>> working. Also, when I run and "id" it shows the proper groups. It's
>> just seems sudo won't recognize the nested groups :-(
>>
>> Anyone run into this issue before? It's gonna be an admin nightmare
>> just to populate UnixAdmins with individual accounts ..

> This was fixed in the upcoming 3.2 release.  See the "winbind expand groups" option.

is there anyway to patch 3.0.28a to allow for this? or any kind of workaround?

Glenn E. Bailey III
terremark worldwide


More information about the samba mailing list