New group mapping and the auth subsystem

Tim Potter tpot at
Sun Dec 2 14:04:02 GMT 2001

On Sun, Dec 02, 2001 at 10:12:32PM +0100, Jean Francois Micouleau wrote:

> > > you can get the list of SIDs of an arbitrary user !
> >
> > Well kind-of.  Winbindd uses the SAMR getusergroups function to get
> > a list of groups the user is a member of.  Unfortunately it doesn't
> > return any Windows 2000 Universal Groups the user is a member of.
> because samr_getusergroups is mis-named.
> it should be samr_getuserDOMAINgroups. It returns only the domain groups
> the user is member of. I checked that less than 24 hours ago.

Shall we rename it then?

> If you want the local groups (aliases), the user is member of, you need to
> call samr_getuseraliases.
> now for the universal groups, I don't know. I'm not even sure you can get
> them with an rpc samr call. I could investigate.

I don't think it can be done over RPC.  Probably only over LDAP.


More information about the samba-technical mailing list