Gerald Carter wrote: > Mark Beierl wrote: > >> But it still does not work for AD groups: >> >> mbei...@mark-laptop:~$ grep domain^users /etc/group >> admin:x:120:domain^users >> > > Not supposed to. The files NSS provider included with the OS > does not support nested groups. If you just want to give them > sudo access, then you can easily update /etc/sudoers. > > Ah. That's the difference. I had wanted to assign members of say "AD\teachers to the "teachers" group, and "AD\students" to a students group so that students cannot read teachers files, but teachers can read students, etc... It's not about the admin group for sudoers, there's other groups that I was intending to use for my kid's school infrastructure. But I have a feeling that this is "Enterprise" functionality, not "Open".
Thanks again for your help. I think the pam group trick will work for what I need as I can assign domain groups to local groups that way instead of having to list every domain user in /etc/group. Regards, Mark _____________________________________________________________________ Likewise-open-discuss mailing list Likewise-open-discuss@lists.likewiseopen.org Found a bug? Please file a report: http://lobugs.likewise.com/ Looking for other discussion options? Try our forums: http://www.likewise.com/community/index.php/forums/
