[Samba] Re: ldapsearch and getent passd/group with nss winbind differs

Andreas Ladanyi knuffiandy at web.de
Wed Aug 20 17:40:23 GMT 2008


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Andreas Ladanyi wrote:
> 
>> Winbind honors the Windows group membership and not
>> necessarily "msSFU30PosixMemberOf" attributes.
>>
>>> So it should be enough if you give the Windows group a GID in tab "UNIX
>>> attribute" in Active Directory and you have to do nothing else for the
>>> Linux side ?!
> 
> 
> Yup.

Ok ! Could it be true this behavior is different between 
"security=domain" and "security=ads" ?

Because we had to put the user to the group:
- first on windows side in ActiveFirectory
- second on unix site in AD in the tab "Members of"

so winbind 3.0.24 client recognise the group membership on unix side in 
"security=domain" mode.

Now we changed to Samba 3.0.31 with security=ads mode and the behavior 
is a bit different.

??






More information about the samba mailing list