[Likewise-open-discuss] Authentication of Nested Group Member

Scott Elias scottelias at gmail.com
Fri Apr 25 12:18:12 PDT 2008 

This makes sense.   So, I was using the OU path rather than the
domain\group.   When I use domain\group I have no issues.   Just the simple
fix I was looking for....

Thanks,
scott



On Fri, Apr 25, 2008 at 11:53 AM, Gerald (Jerry) Carter <jerry at samba.org>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Scott Elias wrote:
> > Hello.   I've seen topics similar to the issue that I am having but none
> > seem to match exactly.   Basically I am looking to authenticate a set of
> > users that exist within a nested group in our AD structure that resides
> > outside of the users folder.    When I put a group or even a group with
> > nested groups in the Users folder, I can authenticate without issue.
> > But when I try to access a group that exists in another branch outside
> > of the Users folder, it does not work.
> >
> > I have been configuring using the require_membership_of field within
> > pam_lwidentity.conf file
> >
> > Scenario 1:  require_membership_of = Users\<Group Name>\   ------- This
> > works
> > Scenario 2:  require_membership_of = <Folder Name>\<Folder Name>\<Group
> > Name>\   ------ This does not work
>
> The name is resolved to a Windows Securitr Identifier (SID) and so
> should simply be DOMAIN\groupname.  Sounds like you are typing
> the OU path which wilwl not work.
>
> >
> > I moved the same group back and forth in scenarios 1 & 2, so it is not
> > an issue with the specific group that I am trying to access.
> >
> > Other than a typo in my path which I have checked many times, is there
> > anything else simple that could be causing this to fail?   Is there any
> > parameter in lwauthd.conf that can be used to set the start folder for
> > the path?   Or is this sort of pathing not supported?
>
> Could  you explain some more about what you are trying to achieve?
> I'm confused.
>
>
>
>
>
> cheers, jerry
> - --
> =====================================================================
> Samba                                    ------- http://www.samba.org
> Likewise Software          ---------  http://www.likewisesoftware.com
> "What man is a man who does not make the world better?"      --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIEf6IIR7qMdg1EfYRAqmcAJ9J4UmiiJCSZyGlGFmRzqkZax4hEQCgtAlG
> PNE961HT3NrUE3p3LdZhA98=
> =SDbm
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.likewisesoftware.com/pipermail/likewise-open-discuss/attachments/20080425/ab5cda84/attachment.htm

More information about the Likewise-open-discuss mailing list