[KLUG Advocacy] samba and ldap and heimdal
Mike Williams
knightperson at zuzax.com
Mon Apr 4 15:13:19 EDT 2005
>
>
>From: Dirk H Bartley <bartleyd2 at chartermi.net>
>
>On Mon, 2005-04-04 at 11:18 -0400, Adam Tauno Williams wrote:
>
>
>
>>>> > All local groups modified through user manager for domains are using the
>>>> > sambaSIDList attribute and ignoring the member. I'm assuming this will
>>>> > make this group useless for linux machines. This can be seen in my
>>>> > "Backup Operators" group object as an example.
>>>
>>>
>>>
>>> Ah. What do these local groups actually do? I have them (as in they
>>> exist) but I've never seen them actually used for anything.
>>>
>>
>>
>
>Local groups can contain a global group as a member. Global Groups can
>only contain users.
>
>It was m$ way of avoiding cascading group owning a group membership.
>This limits the cascade membership level to 1.
>
>Dirk
>
That was the case in NT4 and W2K, and it was a good idea. I think MS
has added a few ways that you can break that rule in a native mode
Server 2003 tree. Some global groups are more global than others, or
something. I can look it up if anybody really cares.
More information about the Advocacy
mailing list