[Samba] Nested Groups
Harry Jede
walk2sun at arcor.de
Thu Dec 25 18:19:45 GMT 2008
Hi all,
I'm not able to create localgroups as described
in "docs/man/Samba-HOWTO-Collection/groupmapping.html"
I have tested Samba 3.2.5 and 3.2.6 on Debian lenny.
As usual I am using openldap as backend.
First I have tested with smbldap-tools, then I have switched to
ldapsam:editposix = yes
ldapsam:trusted = yes
and removed all the script entries from smb.conf.
The result is always the same:
Localgroups are created with:
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaGroupType: 4
Globalgroups are created with:
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
The very ugly result is, that getent is not able to resolve any local
group, as stated in groupmapping.html.
A solution may be, that the code that create the localgroups, share the
code which create global groups ???
Any Ideas?
PS
Even if I manually create a localgroup with the objectclasses from
rfc2307, like so:
objectClass: top
objectClass: sambaSidEntry
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: extensibleObject
cn: ab38
gidNumber: 6005
sambaSID: S-1-5-21-2462391502-1360153102-2655098952-5080
sambaGroupType: 4
displayName: ab38
memberUid: domadmins
sambaSIDList: S-1-5-21-2462391502-1360153102-2655098952-512
is the reult the same.
net rpc group members
will list all members of nested groups, getent will not :-(
if I switch sambaGroupType to 2, both will work
--
Gruss
Harry Jede
More information about the samba
mailing list