[Samba] Is Samba unable to resolve secodary group membership?

Michael Schwarz schwarz at uni-paderborn.de
Thu Oct 8 09:23:29 UTC 2020

Am 08.10.20 um 10:41 schrieb Rowland penny via samba:
> On 08/10/2020 08:51, Michael Schwarz via samba wrote:
>> The setup at our university is not quite trivial. I can understand 
>> that. I'll try to explain it again in a different way:
> Lets see if I understand this, you have one kerberos domain for the 
> Linux machines and another kerberos domain for the Windows machines, 
> you have virtually the same users and groups in both. Why two domains, 
> why not just use the AD for both ? This would make your setup trivial. 
> I feel this is probably all down to department politics.

Yes this is correct. I'm not sure why there are two domains. I'm not 
working at the central computer center, but i'm sure, they have their 
reasons why they are doing it this way. We are only using this 
infrastructure. The LDAP is storing much more information than only 
simple posixAccounts. It might be, that an AD is not so flexible if you 
want to store more than the standard attributes. But i don't now in 
detail as i am not so familiar with windows ad services.


More information about the samba mailing list