[Samba] Is Samba unable to resolve secodary group membership?
Rowland penny
rpenny at samba.org
Thu Oct 8 09:31:07 UTC 2020
On 08/10/2020 10:23, Michael Schwarz via samba wrote:
>
>
> Am 08.10.20 um 10:41 schrieb Rowland penny via samba:
>> On 08/10/2020 08:51, Michael Schwarz via samba wrote:
>>
>>> The setup at our university is not quite trivial. I can understand
>>> that. I'll try to explain it again in a different way:
>>
>> Lets see if I understand this, you have one kerberos domain for the
>> Linux machines and another kerberos domain for the Windows machines,
>> you have virtually the same users and groups in both. Why two
>> domains, why not just use the AD for both ? This would make your
>> setup trivial. I feel this is probably all down to department politics.
>>
>
> Yes this is correct. I'm not sure why there are two domains. I'm not
> working at the central computer center, but i'm sure, they have their
> reasons why they are doing it this way. We are only using this
> infrastructure. The LDAP is storing much more information than only
> simple posixAccounts. It might be, that an AD is not so flexible if
> you want to store more than the standard attributes. But i don't now
> in detail as i am not so familiar with windows ad services.
There are no posixAccounts in AD, there are just Accounts (but all the
RFC2307 attributes are available, so any account can be a Unix account)
and you will be surprised just how extendable the AD schema is. No, I
think it is just down to politics, Windows versus Linux politics :-)
Rowland
More information about the samba
mailing list