wbinfo doesn't return list of trusted domain SIDs
Moshe Yosevshvili
moshe.yosevshvili at gmail.com
Sun Jan 22 16:22:16 GMT 2006
hi.
I'm using samba 3.0.20b and looking at the output from "wbinfo --user-sids
xxx" i think there's a problem.
i have a Win-2000 forest and in it DOMAIN-A, DOMAIN-B. the domain have
bi-directional trust relations between them.
i have a user: DOMAIN-A\user and i add this user (using active-directory
GUI) to a universal group in the forest and to
a local domain group in DOMAIN-B (DOMAIN-B\local).
when i join a machine to DOMAIN-A and run "wbinfo --user-sids user_SID" i
get only the groups within DOMAIN-A, whereas
i expected to also get the universal group (i don't expect to get the local
group from DOMAIN-B). why don't i get it?
the topology of the domain-controllers is native (only win-2000 DCs and not
mixed-mode).
looking at the output from "wbinfo -a user" i see that the ms-rpc call to
NetrLogonSamLogon returns all the groups.
however, the --user-sids option uses two other ms-rpc calls:
SamrGetGroupsForUser, SamrGetAliasMembership.
the SamrGetGroupsForUser is directed to DOMAIN-A's domain-controller but it
doesn't return the universal group.
thanks.
More information about the samba-technical
mailing list