We've been using samba w/ ADS for quite a while now and we're quite
happy with it. However, we have run into an interesting impasse
recently.
We have domains A and B. There is bi-directional trust between
the domains. The samba server has membership to domain A.
Recently a new share was created and its access is controlled by
the domain group A+group. A+group contains users from both domains.
The group also contains another group A+group2.
Users in A+group2 can do all expected operations on the share.
Users in A+group from domain A can do all expected operations also.
Users from domain B can add files, but not delete or rename them.
Further:
    getent group A+group
Only shows the members from domain A, not domain B. Also group
A+group2 does not show even though apparently the Right Thing (tm)
is happening for them.
My major concern is why are users from domain B not showing up via
getent. I expect that they should. If they were I would expect
their delete and rename problems to go away.
I have created a server in domain B and created similar circumstances,
with the same behavior.
Also, what behavior should I expect from getent when a group is
included within a group? See the group listed? See the users of
the included group expanded? See nothing?
Or am I barking up the wrong tree completely...?