[KLUG Advocacy] samba and ldap and heimdal

[Adam Tauno Williams]

> > > All local groups modified through user manager for domains are using the
> > > sambaSIDList attribute and ignoring the member.  I'm assuming this will
> > > make this group useless for linux machines.  This can be seen in my
> > > "Backup Operators" group object as an example.
> > Ah.  What do these local groups actually do?  I have them (as in they
> > exist) but I've never seen them actually used for anything.
> Local groups can contain a global group as a member.  Global Groups can
> only contain users.
> It was m$ way of avoiding cascading group owning a group membership.
> This limits the cascade membership level to 1.

Ah, yep, I remember that now.  But I'm still unclear if local groups on
the Samba server do or are-meant-to-do anything meaningful.  NSS
certainly isn't going to understand the membership cascade (although it
is a very neat idea).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.kalamazoolinux.org/pipermail/advocacy/attachments/20050404/4bb833cc/attachment.bin