Have been testing 3.0.20pre1. When using "winbind nested groups = yes" and libnss_winbind I don't see local groups coming back from the NT4 domain controller (global groups are present however) Local groups are not seen via the usual methods of wbinfo -g, getent group, nor via a Windows client joined to the domain using the explorer security dialogs. Envr: SLES8 2.4.21-278 Kernel, glibc-2.2.5-231 - Arch: (s390) Envr: Debian (Sarge) 2.4.27-2-k7 Kernel (AMD K7) excerpt from smb.conf: [global] workgroup = DBR05A netbios name = SLES81 netbios aliases = THOME VHOME QHOME server string = SLES8 Samba Test Server os level = 65 domain master = no domain logons = no preferred master = no local master = no security = DOMAIN encrypt passwords = yes password server = gollum max mux = 500 winbind uid = 10000-20000 winbind gid = 10000-20000 winbind separator = + winbind nested groups = yes deadtime = 60 smb ports = 139 445 ########################################################### ## Start of the default options for defined shares ## ########################################################### browseable = yes read only = no nt acl support = yes guest ok = no inherit acls = yes inherit owner = yes dos filetimes = yes map acl inherit = yes store dos attributes = yes vfs objects = audit I tried posting to the samba list, but had no responses Cheers, Grant
Thanks. We're working on trying to clean up several things before the next preview release.
so after looking and reading your mail to the samba mailing list, i think this is just a case of misunderstanding what should happen. In an nt4 domain, domain local groups have a scope local to the DC's only. In a native mode AD domain, the domain local groups have a scope of all members of the domain. I'm marking this one as invalid, but if I misunderstood you feel free to reopen it.