[Samba] Upgraded a member server to 4.8, rfc2307 data?
Rowland Penny
rpenny at samba.org
Thu Sep 6 12:29:12 UTC 2018
On Thu, 6 Sep 2018 14:20:42 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > And in addition to Rowland comment, i'll show how i use it.
>
> Thanks. I add a note myself.
>
> Only 'non-primary groups' get listed in memberOf/member data in LDAP,
> so if you need to get 'group membership' for other tools/app/... you
> 'lost' (apart doing some complex queries...) the default group.
>
> I've found web interfaces that are able to do also 'nested group
> expansions', but (by default) does not lookup primaryGroupID/gidNumber
> (because, indeed, is a totally different query).
>
>
> So, probably the best thing to do is to keep 'Domain Users' as default
> group and stop.
>
I have never understood why people want different primary groups for
Unix users in AD. You can get something similar by denying access to a
share from the 'Domain Users' group and allowing access from another
group.
Rowland
More information about the samba
mailing list