Please note that the result of the "id" command (or the "groups" command as well) is different if it is run by root or by the user.

As root :
# id david  : gives only the primary groups membership

As regular user :
[EMAIL PROTECTED] id : gives the full membership of all "groups in groups" managed by winbind and A.D.

at least under Debian (Etch + Sarge).

But it seems that winbind on some occasions doesn't use the right credentials to resolve nested groups. I have to tweak security in Active Directory to give additional "Read Permission" rights in Active Directory in order to make it work, otherwise I only get primary groups. Or it may be our active directory that is broken.

Yvan Broccard

Chris Smith wrote:
On Tuesday 13 February 2007, Roger Prefontaine wrote:
On the Ubuntu server, "id DOMAINNAME+David", "id DOMAINNAME+david", and "id
David" only list the primary group, and "id david" lists all groups.  All
of these combinations produce all groups on the CentOS server.

        winbind use default domain = Yes

May not be much help but out of curiosity I tried the same test on a Samba server that is also a member of an NT4 domain. It is running 3.0.24 plus the 6 Vista patches on a Gentoo server.

I don't use the "winbind use default domain = Yes" in smb.conf, but I did test that way as well. Also I didn't change the default separator.

With the "normal" setup (winbind use default domain = No):
--------------------------------------
id DOMAINNAME\\username - shows all groups

id DOMAINNAME\\USERNAME (or any permutation with a cap in the username) - only primary group

id username - returns "No such user"

id USERNAME (or any permutation with a cap in the username) - returns "No such user"
--------------------------------------

If I set "winbind use default domain = Yes" then:
--------------------------------------
id DOMAINNAME\\username - only primary group

id DOMAINNAME\\USERNAME (or any permutation with a cap in the username) - only primary group

id username - shows all groups

id USERNAME (or any permutation with a cap in the username) - only primary group
--------------------------------------

Chris

EDITED to add the other cases (id USERNAME).
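
A way to check a member server for the behaviour reported in this thread, as an added example that is not part of the original posts: it compares the numeric group list that `id -G` returns for several spellings of one account and reports every spelling whose list differs from the first. `ID_CMD`, `gid_set` and `check_spellings` are hypothetical names chosen for this sketch; run it once as root and once as the user, since the thread reports different results for each.

```shell
#!/bin/sh
# Added example, not from the thread. Usage (script name is hypothetical):
#   sh check_id.sh 'DOMAINNAME\username' 'DOMAINNAME\USERNAME' username USERNAME
# Access decisions on the server follow the group list NSS returns, so a
# spelling that resolves to only the primary group is worth knowing about.

# Hypothetical override hook so the check can be exercised without a domain.
ID_CMD=${ID_CMD:-id}

# Print the sorted numeric GID list for one name, or NOUSER if the lookup fails.
gid_set() {
    out=$($ID_CMD -G "$1" 2>/dev/null) || { echo NOUSER; return 0; }
    echo "$out" | tr ' ' '\n' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Compare every spelling against the first one given.
# Prints one line per mismatch and returns 1 if any spelling differs.
check_spellings() {
    ref_name=$1
    ref=$(gid_set "$ref_name")
    rc=0
    shift
    for name in "$@"; do
        cur=$(gid_set "$name")
        if [ "$cur" != "$ref" ]; then
            printf 'MISMATCH %s: [%s] vs %s: [%s]\n' \
                "$name" "$cur" "$ref_name" "$ref"
            rc=1
        fi
    done
    return $rc
}

# Run the comparison only when spellings were passed on the command line.
if [ $# -gt 0 ]; then
    check_spellings "$@"
fi
```

The first argument is the reference, so pass the spelling that is known to list all groups first.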
