Hello all! Say, I create a "distribution group" on Windows ADS named "distgroup" add as a member a security group named "secgroup" with a user "robert" in it. Then when I look at the groups "robert" belongs to, the group "distgroup" is not listed (checked with "wbinfo -r"). Even after "winbind cache time" has long expired ;) The problem comes when I want to set ACLs to group "distgroup", then "robert" has no access. I haven't seen a bug report or any other mail concerning "distribution groups" so I don't think this is a known issue. But the question is: is winbind supposed to support groups in "distribution groups"? If yes, what do I have to do to make it work here as well? This is with version 3.0.10 and 3.0.7 (haven't had the chance to check other versions). Regards, Peter
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Kruse wrote: | Hello all! | | Say, I create a "distribution group" on Windows ADS named | "distgroup" add as a member a security group named "secgroup" with a | user "robert" in it. Then when I look at the groups "robert" belongs | to, the group "distgroup" is not listed (checked with "wbinfo -r"). | Even after "winbind cache time" has long expired ;) this is the different between a distribution group and a security group from what I understand. The behavior is by design. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB99OpIR7qMdg1EfYRApT5AKC0jOEoJfs3R/euFbyI/UbQJ9/QlwCfWAyT 1lNkClMcOjsMqSoiujd2EBM=VyPd -----END PGP SIGNATURE-----
Hello, Gerald (Jerry) Carter wrote:> > Peter Kruse wrote: > | > | Say, I create a "distribution group" on Windows ADS named > | "distgroup" add as a member a security group named "secgroup" with a > | user "robert" in it. Then when I look at the groups "robert" belongs > | to, the group "distgroup" is not listed (checked with "wbinfo -r"). > | Even after "winbind cache time" has long expired ;) > > this is the different between a distribution group and a > security group from what I understand. The behavior is > by design. >are you sure? That means if I add read permissions (via ACL) to a directory for group "distgroup" then the user "robert" still has no access rights. Although he is member of "secgroup" which is a member of "distgroup". This behaviour is intentionally "by design"? What are "distribution groups" then good for? Peter -- Peter Kruse <pk@q-leap.com>, Chief Software Architect Q-Leap Networks GmbH phone: +497071-703171, mobile: +49172-6340044