[Likewise-open-discuss] Authentication of Nested Group Member

Gerald (Jerry) Carter jerry at samba.org
Fri Apr 25 08:53:45 PDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Elias wrote:
> Hello.   I've seen topics similar to the issue that I am having but none
> seem to match exactly.   Basically I am looking to authenticate a set of
> users that exist within a nested group in our AD structure that resides
> outside of the users folder.    When I put a group or even a group with
> nested groups in the Users folder, I can authenticate without issue.   
> But when I try to access a group that exists in another branch outside
> of the Users folder, it does not work.
>  
> I have been configuring using the require_membership_of field within
> pam_lwidentity.conf file
>  
> Scenario 1:  require_membership_of = Users\<Group Name>\   ------- This
> works
> Scenario 2:  require_membership_of = <Folder Name>\<Folder Name>\<Group
> Name>\   ------ This does not work

The name is resolved to a Windows Securitr Identifier (SID) and so
should simply be DOMAIN\groupname.  Sounds like you are typing
the OU path which wilwl not work.

>  
> I moved the same group back and forth in scenarios 1 & 2, so it is not
> an issue with the specific group that I am trying to access.
>  
> Other than a typo in my path which I have checked many times, is there
> anything else simple that could be causing this to fail?   Is there any
> parameter in lwauthd.conf that can be used to set the start folder for
> the path?   Or is this sort of pathing not supported?

Could  you explain some more about what you are trying to achieve?
I'm confused.





cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIEf6IIR7qMdg1EfYRAqmcAJ9J4UmiiJCSZyGlGFmRzqkZax4hEQCgtAlG
PNE961HT3NrUE3p3LdZhA98=
=SDbm
-----END PGP SIGNATURE-----

More information about the Likewise-open-discuss mailing list