Hi Gordon ,.
But According to samba documentation, nested groups doesn't work is mentioned, "In Samba-3, the group management system is based on POSIX groups. This means that Samba makes use of the posixGroup ObjectClass. For now, there is no NT-like group system management (global and local groups). Samba-3 knows only about Domain Groups and, unlike MS Windows 2000 and Active Directory, Samba-3 does not support nested groups" as i have all domain groups and no local groups. using winbind, when we create local groups we can have nested groups, but if there domain groups, is nested groups possible ? i am not sure, or am i wrong. Regards Niranjan On 3/2/06, mallapadi niranjan <[EMAIL PROTECTED]> wrote: > > Hi all > > So in my case where i have 2 domain member servers to a PDC . > i have already setup PDC in which winbind id map is set in ldap, but i am > not sure > how to make it work, now that already i have setup, domain member servers, > to a PDC, > enabling winbind will disturb my existing setup, > on PDC , winbind is not running but on domain member servers winbind is > running. > > i use domain member servers as file servers , which are mapped to windows > clients (through logon > script). i have already created users and groups on PDC and setup > permissions on file servers . > on Domain member server i have configured ldap.conf and subsequently > modified nsswitch.conf so i have setup permissions as below > > setfacl -m u:username:rwx <directroy/file> > > and not as setfacl -m u:mydomain\username:rwx <directory/file> > > so now if i enable winbind(on server) , will the current permissions > change ?. I don't want to disturb my current setup. > is it possible ? > > Regards > Niranjan > > > > > On 3/2/06, simo <[EMAIL PROTECTED]> wrote: > > > > On Wed, 2006-03-01 at 23:39 -0800, Gordon Messmer wrote: > > > mallapadi niranjan wrote: > > > > > > > > is pdc without winbind a best option or with winbind > > > > > > I believe that winbind is intended only for domain members, not for > > > domain controllers. > > > > That's wrong, on a DC winbindd serves nested groups (aliases) and > > trusted domains users and groups. > > > > Simo. > > > > -- > > Simo Sorce > > Samba Team GPL Compliance Officer > > email: [EMAIL PROTECTED] > > http://samba.org > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba