group acl with winbind

Luca Olivetti luca at wetron.es
Tue Apr 7 10:28:37 EDT 2015


I'm currently using cyrus-imapd 2.4.17 and sssd to obtain nss groups
from an openldap server.
I have some group acls which are currently working fine.
I'm testing the migration to samba4 as an active directory domain
controller and I'm trying to use winbind instead of sssd (which works
perfectly btw).
The problem is that with winbind group acls don't work.
Group enumeration (a pain to configure) works:

$ getent group | grep m_sist
m_sist:x:674:ojeda,luca,calmet,rafa,oscar

But I cannot set an acl on that group:


$ cyradm -u cyrus localhost
Password:

localhost> sam m_sist group:m_sist lrw
setaclmailbox: group:m_sist: lrw: Invalid identifier
localhost>

Meanwhile I have winbindd running in the foreground and the above sam
command will cause no messages at all (i.e. it seems it isn't querying
winbindd for group information).

If I change nsswitch back to sssd (which is pulling data from the same
samba4 server) and restart cyrus, it works:

$ cyradm -u cyrus localhost
Password:

localhost> sam m_sist group:m_sist lrw
localhost>

The simple solution is to use sssd and forget about winbind, but I'm
curious: why does one work and the other doesn't, given that group
enumeration works with both?

Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004  Fax +34 935883007
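
Added example, not part of the original post: `getent group | grep m_sist` only exercises NSS enumeration, so this sketch also checks the keyed lookups (by name, by gid) and per-user membership, which a service may use instead. The function names are made up for illustration; run it as the service's user under the same nsswitch.conf, e.g. with arguments `m_sist luca`.

```python
import grp
import os
import pwd
import sys


def enumerated_names():
    """Names returned by walking the group database (setgrent/getgrent)."""
    return [g.gr_name for g in grp.getgrall()]


def check_group(name, user=None):
    """Compare NSS paths for one group: True/False per path, None if not tested."""
    result = {"enumerated": name in enumerated_names(),
              "by_name": False, "by_gid": False, "user_member": None}
    try:
        entry = grp.getgrnam(name)          # keyed lookup: getgrnam(3)
    except KeyError:
        return result                       # by-name lookup fails; nothing more to test
    result["by_name"] = True
    try:
        # reverse lookup: getgrgid(3) should map the gid back to the same name
        result["by_gid"] = grp.getgrgid(entry.gr_gid).gr_name == name
    except KeyError:
        pass
    if user is not None:
        try:
            primary = pwd.getpwnam(user).pw_gid
            # getgrouplist(3): the path used to build a user's group set
            result["user_member"] = entry.gr_gid in os.getgrouplist(user, primary)
        except KeyError:
            result["user_member"] = False   # user unknown to NSS
    return result


if __name__ == "__main__":
    # Defaults are the group from the post; pass "<group> [user]" to override.
    group = sys.argv[1] if len(sys.argv) > 1 else "m_sist"
    user = sys.argv[2] if len(sys.argv) > 2 else None
    for path, ok in check_group(group, user).items():
        print(f"{path:12} {ok}")
```

A group that shows `enumerated True` but `by_name False` is visible to `getent group` yet unresolvable by a keyed lookup.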

