Is the "winbind nested groups" functionality not currently working in
Samba 3.0.23d? The readme files seem to indicate it should be (since
3.0.3), but then this message by Jerry to the list...
http://groups.google.com/group/linux.samba/msg/5ecc575f70af3c8c
...seems to indicate that there's some patch waiting for 3.0.24.
Unfortunately he's not specific as to what it solves.

I've actually tried it with the 3.0.10 that comes with RHEL4, 3.0.23d
straight from Samba.org, and 3.0.22 from Ubuntu on three different
servers. I have no trouble getting winbind talking to AD on any of
them, but all of them absolutely refuse to resolve membership of
anything nested in a local group.

My smb.conf is as follows:

[global]
    workgroup = DOM1
    realm = DOM1.DOMAIN.COM
    security = ADS
    password server = 192.168.1.37 192.168.1.33
    log file = /var/log/samba/%m.log
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = No
    ldap ssl = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind separator = +
    winbind nested groups = yes
    winbind enum groups = yes
    winbind enum users = yes
    winbind use default domain = no
    allow trusted domains = yes

The goal is to create a local group on DOM1 that contains a global
group of users from DOM1 as well as a global group from trusted
domain DOM2. I'd like to assign rights to the local group, and
therefore allow anyone in either of the global groups access.

Am I just missing something?
--
Joshua Penix http://www.binarytribe.com
Binary Tribe Linux Integration Services & Network Consulting