[Samba] Samba + Nested Groups
Amauri Tiago Marx
acustic.listas at gmail.com
Thu Oct 30 16:17:54 GMT 2008
Hello for all,
I'm having a doubt that I could not find in samba man and even google.
My need is to do with samba ldap something similar to what the AD (NT4
does too?) made with windows nested groups, which include groups within
groups at different levels (not just one).
Problem example: create a local or global group (better yet) called
GRUPO_ALL, which contains two other global groups called GROUP1 and
GROUP2, which contain two other groups called GRUPO3 and GRUPO4, in
addition to global users in all groups. Thus, if I include permission
for access to the group GRUPO_ALL, all users children belonging to the
groups would have permission to access.
So look in manuals / internet, it would be possible through two ways:
winbind nested groups or winbind expand groups (after version 3.0.x).
However, I have no success to test with more than one level.
As I try to add a group inside the other through the net rpc, is
returned an error saying it could not find member.
Example:
# net rpc group addmem GRUPO_ALL GROUP1
Could not add GROUP1 to GRUPO_ALL: NT_STATUS_NO_SUCH_MEMBER
And when I try to add a local group and then add global groups in that
(as the manual explains), I can't list and not assign permissions to the
local group (file system permissions).
Example:
# net sam createlocalgroup GRUPO_ALL
Created local group GRUPO_ALL with RID 1009
# net sam addmem GRUPO_ALL GRUPO1
Added ATMSMB\GRUPO1 to ATMSMB\GRUPO_ALL
# net sam addmem GRUPO_ALL GRUPO2
Added ATMSMB\GRUPO2 to ATMSMB\GRUPO_ALL
# getent group GRUPO_ALL
(does not return anything)
Now, thank you very much for your attention.
Amauri
More information about the samba
mailing list