-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Bailey wrote: |>> I'm having an issue with sudo not recognizing nested groups via AD and |>> winbind. I have an AD group called UnixAdmins and when I ad and AD |>> account *directly* into this group, I am able to use sudo just fine as |>> it is in the sudoers. *but* say I have a nested group in UnixAdmins |>> like CustomerUsers or whatnot it won't recognize. Now, I also restrict |>> access via pam.d systems-auth to UnixAdmins, so I know that part it |>> working. Also, when I run and "id" it shows the proper groups. It's |>> just seems sudo won't recognize the nested groups :-( |>> |>> Anyone run into this issue before? It's gonna be an admin nightmare |>> just to populate UnixAdmins with individual accounts .. | |> This was fixed in the upcoming 3.2 release. See the "winbind expand groups" option. | | is there anyway to patch 3.0.28a to allow for this? or | any kind of workaround?
Not officially. Are you running a file server? Or just using Winbind to authenticate logons? I originally did the work in Likewise's Winbind tree and pushed it upstream. So it has been shipping in Likewise Open [1] for a while. [1] http://www.likewisesoftware.com/community/ cheers, jerry - -- ===================================================================== Samba ------- http://www.samba.org Likewise Software --------- http://www.likewisesoftware.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIEITKIR7qMdg1EfYRArWoAJ46Dit2T0nwcYwzs9aiZAwrP5bb9QCfQJyS ZznswpSiZQkmjPy2fA+CrNQ= =72M+ -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
