Hay Jerry,
Gerald (Jerry) Carter schrieb:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andreas Ladanyi wrote:
Ok ! Could it be true this behavior is different between
"security=domain" and "security=ads" ?
Because we had to put the user to the group:
- first on windows side in ActiveFirectory
- second on unix site in AD in the tab "Members of"
so winbind 3.0.24 client recognise the group membership
on unix side in "security=domain" mode.
Now we changed to Samba 3.0.31 with security=ads
mode and the behavior is a bit different.
You lost me here. Maybe due to the fact that I accustomed
to the Windows 2003 R2 Unix Attribute tab. The only member
of tab I see is to control the Windows group memberships.
The reason of my message is a litte confusion:
In general you are right ;-)
There is one "UNIX attribute" tab and one "Members Of" tab.
During some tests we discover the following facts
=================================================
In "UNIX attribute" tab:
========================
winbind is only interested in the UID field ->
in ldap tree the attribute "uidnumber".
The other attributes from "UNIX attribute" tab are written to ldap tree,
but not used by winbind on linux side.
For example we set the following parameter in smb.conf:
winbind nss info = sfu
Of course we could define our own template bash/home with the "template
home" and "template shell" parameter, but its better the "sfu" will
work, so we would configure this parameter by the tab.
The "primary Group" is written to the ldap tree but not used by winbind
on the unix side.
In "Members Of" tab:
====================
In this tab you can choose a group from a list and there is a button you
could set a Unix primary group by klicking. This will be read by winbind
only. But this have no force to the primary group ID on the "UNIX
attribute" tab.
What do you say ? Did we configure something wrong ? Is this the normal
function ?
Thanks,
Andy
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
