[Samba] Nested groups when using RFC2307

Andrew Bartlett abartlet at samba.org
Mon May 25 23:47:44 UTC 2020

On Mon, 2020-05-25 at 17:09 -0300, Marcio Merlone via samba wrote:
> Hi,
> Just noticed, I am unable to use nested groups when relying on
> RFC2307 
> for filesystem permissions, am I wright? What have I missed?
> (Samba 4.12 on Buster, 2008R2 domain level)
> Any migration path to stop using RFC2307 and go to pure idmap
> without 
> loosing all permissions on a 6T filesystem? Is that a solution?

I'm not sure what you are seeing, but using the RFC2307 idmap module
shouldn't stop the other group memberships from being set.  Do ensure
you are using winbindd and nss_winbind, not directly connecting nss to
AD with some other tool.

Andrew Bartlett
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          

More information about the samba mailing list