[Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Rowland penny
rpenny at samba.org
Tue Jun 18 08:22:23 UTC 2019
On 17/06/2019 22:12, Rowland penny via samba wrote:
> As far as I am aware, very little. One thing I am now aware of is GPO
> for Unix, there is also the caching of sudo rules from AD, but sudo
> now has a command to create sudo rules from ldap and I am sure that
> this could be scripted around to cache them instead. The one thing I
> am unsure about is the one real thing you mention, security groups,
> and this is only because I have never tried it, I do feel that you
> should be able to do this with winbindd, if only because sssd can do
> it and they use a version of part of the winbindd code. I will do some
> testing and get back to you ;-)
OK, I created a new share and two new unix groups and set ownership to
'root' and one of the new groups. I added the second group to the first
group as a member (and its only member) and then added a user to the
second group.
Logged into win7 as the user, opened Windows Explorer -> Network and
navigated to the share and created a new txt document, which worked. So,
yes, it looks like nested groups work with winbindd.
Rowland
More information about the samba
mailing list