Hi, I apologise in advance for the length of this email and for the
possible newbie-ishness of it but I'm having some trouble trying to get
my head around the Windows NT "Local Groups" concept and was wondering
if anyone on the list could shed some light on the subject.
I have an NT4 BDC which I am trying to migrate to a Samba domain member
server (I would like to migrate the entire domain to samba but I don't
have the expertise to do so with confidence just yet). Anyway, when I
tried to migrate the shares over, the files copied just fine but the
ACLs were missing any information pertaining to the NT local groups. A
few hours of googling later I discovered that samba supports "nested
groups" (I'm assuming that nested groups are more or less synonymous
with NT's local groups), however, this is only applicable to local
groups on the samba side and intended for adding windows domain global
groups to unix groups. Apparently NT4 domain local groups are only
applicable to that domain's PDCs and BDCs.
So I did an experiment, I added myself to several domain local groups
and went to my samba machine and did:
wbinfo -r "MYDOMAIN\jamesw"
and it gave me a list of gids. I then put each of those gids into:
wbinfo -G GID
to obtain the sids. Finally, I put the SIDs into:
wbinfo -s SID
and there were my domain local group names (or at least some of them -
the preset groups like "Backup Operators" weren't there for some reason).
My question is this. Since winbind can map gids to domain local group
names when asked to do it manually, is there a way to get it to work
automatically, i.e. when I use chgrp, ls -l, etc.?
Alternatively, is there a way of getting around the fact that some twonk
set up a load of local groups on my domain when they really wanted to
use global ones.
Thanks for listening (or reading).
Cheers,
James.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
