[Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication

Rowland penny rpenny at samba.org
Tue Jun 18 08:22:23 UTC 2019

On 17/06/2019 22:12, Rowland penny via samba wrote:
> As far as I am aware, very little. One thing I am now aware of is GPO 
> for Unix, there is also the caching of sudo rules from AD, but sudo 
> now has a command to create sudo rules from ldap and I am sure that 
> this could be scripted around to cache them instead. The one thing I 
> am unsure about is the one real thing you mention, security groups, 
> and this is only because I have never tried it, I do feel that you 
> should be able to do this with winbindd, if only because sssd can do 
> it and they use a version of part of the winbindd code. I will do some 
> testing and get back to you ;-)

OK, I created a new share and two new unix groups and set ownership to 
'root' and one of the new groups. I added the second group to the first 
group as a member (and its only member) and then added a user to the 
second group.

Logged into win7 as the user, opened Windows Explorer -> Network and 
navigated to the share and created a new txt document, which worked. So, 
yes, it looks like nested groups work with winbindd.


More information about the samba mailing list