samba 3.5.6: winbind: relation UNIX groups vs Windows domain groups
joris.weijters at lekkerland.nl
joris.weijters at lekkerland.nl
Tue Feb 22 03:33:04 MST 2011
Due to a new implementation of the Microsoft domain infrastructure, an
upgrade from 2003 to 2008R2, We can't use our old Samba setup, where the
samba server could use Server security and user mappings to our AIX
environment, using an easy setup, we have to migrate to a new structure.
The only setup which seems to work is useing ADS Security.
However we now run into an other problem, the maximum amount of groups for
a user. In AIX 6.1 this is limited to 128.
There is a strange thing happening with groups however. This is what I
encounter
In the Windows AD i am in 30 groups.
however at the samba server I seem to be in 44 groups.
If I look at the samba server using wbinfo is see:
wbinfo -r j.weijters |wc -l
44
wbinfo -n j.weijters
S-1-5-21-3557417485-523919932-4117696306-1580 SID_USER (1)
wbinfo --user-domgroups S-1-5-21-3557417485-523919932-4117696306-1580 |wc
-l
30
This is the WINBID part of my smb.conf
# WINBIND
winbind separator = +
winbind normalize names = yes
idmap uid = 10001-30000
idmap gid = 10001-30000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = no
winbind expand groups = 0
hide special files = Yes
template homedir = /usrdata/home/%U
template shell = /usr/bin/ksh
load printers = No
What is the relation between the Windos groups and the Unix groups?
More information about the samba-technical
mailing list