Discussions
Categories
Groups
Community Home
Categories
INTERNAL ENABLEMENT
POPULAR
THRUST SERVICES & TOOLS
CLOUD EDITIONS
Quick Links
MY LINKS
HELPFUL TIPS
Back to website
Home
Web CMS (TeamSite)
Nested domain local groups
Fredo
Hi,
I get an issue (or misunderstanding) with AD authentication with nested groups.
dlg -> domain local group
dgg -> domain global group
Our first group scenario was :
- a dlg used as group for sharing on a workarea
- this dlg contains another dlg with user account
In this scenario, we get a permission denied when submitting a new file to the staging.
I just try the following one:
- a dlg used as group for sharing on a workarea
- this dlg contains a dgg with user account
And it's seems to work.
The question is what are the possible scenario for group nesting ?
Is the group nesting scenario is fixed to two levels ?
first level, a dlg for group sharing
second level, dgg with users account
Or a multilevel scenario like this one may work ?
a dlg as group sharing, this dlg contains another dlg, that contains another dlg and finally a dgg with users account.
Thanks in advance for your feedback.
Fredo
Find more posts tagged with
Comments
wadis_julia
In my experience, nesting dgg's into the dlg, the latter used as the group for sharing, is the way to go. I also have this in the [iwserver] section of iw_cfg: domain_local_groups=yes
Fredo
Hello, thank you for your answer.
I have just tested the following scenario:
a dlg as group for sharing, that contains another dlg containing a dgg with users account.
And it seems not working.
So it seems that nesting several dlg is not supported...
Will try by nesting several dgg....
PreviewTransparent.png
DiamondsStacking.ssd.zip
4169.pdf
StuFox
HI Fredo
We went through the same thing a while ago and found a similar problems. My understanding of the way it works is that you need a Domain Local Group for access directly from Teamsite if you want to nest groups.
Further the groups in side the Local Group need to be Global Groups, then you can nest global groups inside global groups.
Also you need to perform one other task, that is to set the security on your users, all users need to have authenticated users have access to read their group memebership (is the is a tech note on this but I can't find it at the moment).
Hope this help
- Stu
Fredo
Hi StuFox,
Thanks for you answer. I try the following:
Set a dlg as group for sharing containing on dgg that contains another dgg that contains a user account.
The AD Security on all three groups, the user account and the Computer accout (where teamsite is running) to everyone and authenticated user full controls.
And it's not working... Are you sure that the multi levels nesting is working ?
Fredo
