[Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Rowland penny
rpenny at samba.org
Tue Jun 18 11:59:04 UTC 2019
On 18/06/2019 12:47, Goetz, Patrick G via samba wrote:
> On 6/18/19 3:22 AM, Rowland penny via samba wrote:
>> OK, I created a new share and two new unix groups and set ownership to
>> 'root' and one of the new groups. I added the second group to the first
>> group as a member (and its only member) and then added a user to the
>> second group.
>>
>> Logged into win7 as the user, opened Windows Explorer -> Network and
>> navigated to the share and created a new txt document, which worked. So,
>> yes, it looks like nested groups work with winbindd.
>>
> Where did you create the unix groups?
>
>
I would have thought that was obvious due to the fact that you cannot
add a group to a group on Unix ;-)
But anyway, I created them in AD using samba-tool:
samba-tool group add nesttestA --nis-domain=samdom --gid-number=10015
However, it wasn't until after I posted that I realised I have been
using nested groups for years. I use a Unix group called 'Unix Admins',
which is a member of 'Domain Admins'. I do this so I do not have to give
'Domain Admins' a gidNumber, 'Unix Admins' inherits all of 'Domain
Admins' permissions.
Rowland
More information about the samba
mailing list