New group mapping and the auth subsystem
Tim Potter
tpot at samba.org
Sun Dec 2 12:24:05 GMT 2001
On Sun, Dec 02, 2001 at 11:42:31AM +0100, Jean Francois Micouleau wrote:
> > > But how do you (on a member server) get the list of sids that a user
> > > has? In particular, how do we do this if we don't have winbind?
> >
> > You can't get the list of SIDs for an "arbitrary" user, they
> > need to have logged on via netlogon or PAC. Then we know what
> > SIDs they have (from the return value) and we store it in the
> > token.
>
> you can get the list of SIDs of an arbitrary user !
Well kind-of. Winbindd uses the SAMR getusergroups function to get
a list of groups the user is a member of. Unfortunately it doesn't
return any Windows 2000 Universal Groups the user is a member of.
Tim.
More information about the samba-technical
mailing list