Grant Bigham
2005-Jun-23 06:29 UTC
[Samba] 3.0.20pre1 - Test in NT4 Domain using "winbind nested groups"
Guys, I've been testing functionality of this new release in my playpen
setup. So far things appear to be working ok, however in an NT4 Domain
with "winbind nested groups = yes" defined I see none of the NT4
DC's
local groups in Samba, either via wbinfo -g, getent group, or via
Windows Explorer security dialogs.
Presumably the reasonably recent nested groups support will work in an
NT4 domain, as it appears to in ADS (although I've not yet tested in ADS
envr myself, yet)?
Envr: SLES8 2.4.21-278 Kernel, glibc-2.2.5-231
Arch: (s390)
excerpt from smb.conf:
[global]
workgroup = DBR05A
netbios name = SLES81
netbios aliases = THOME VHOME QHOME
server string = SLES8 Samba Test Server
os level = 65
domain master = no
domain logons = no
preferred master = no
local master = no
wins server = 10.250.0.110
security = DOMAIN
encrypt passwords = yes
password server = gollum
max mux = 500
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind nested groups = yes
deadtime = 60
smb ports = 139 445
###########################################################
## Start of the default options for defined shares ##
###########################################################
browseable = yes
read only = no
nt acl support = yes
guest ok = no
inherit acls = yes
inherit owner = yes
; inherit group = yes
dos filetimes = yes
map acl inherit = yes
store dos attributes = yes
vfs objects = audit
I plan to test this on x86 arch also, but expect the same unless this is
an endian bug.
Cheers, Grant
Gerald (Jerry) Carter
2005-Jun-27 15:00 UTC
[Samba] 3.0.20pre1 - Test in NT4 Domain using "winbind nested groups"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Grant Bigham wrote:> Guys, I've been testing functionality of this new release in > my playpen setup. So far things appear to be working ok, however > in an NT4 Domain with "winbind nested groups = yes" defined I see > none of the NT4 DC's local groups in Samba, either via wbinfo > -g, getent group, or via Windows Explorer security dialogs.You shouldn't actually. Domain local groups in an NT 4 domain are only availble to DC's. The nested group support in winbindd is for cerate local groups (to the samba server) which can include arbitrary SIDs. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCwBR9IR7qMdg1EfYRAkChAKCqpqJ/uOBxlcJ6Lc1evc1E5AnR0ACg70KC 5qEK3vfQpuqE1bYgo9ZoxUE=ozi8 -----END PGP SIGNATURE-----
Possibly Parallel Threads
- 2.0.7 -> 3.0.0 upgrade
- [PATCH v3] v2v: linux: use NEVR for querying RPM packages (RHBZ#1669395)
- [PATCH v2] v2v: linux: use NEVR for querying RPM packages (RHBZ#1669395)
- Re: [PATCH] v2v: linux: use NEVR for querying RPM packages (RHBZ#1669395)
- [PATCH] v2v: linux: use NEVR for querying RPM packages (RHBZ#1669395)