New group mapping and the auth subsystem

Tim Potter tpot at samba.org
Sun Dec 2 16:52:14 GMT 2001


On Mon, Dec 03, 2001 at 11:40:58AM +1100, Luke Howard wrote:

> Sure. However, Active Directory does give you a way to query
> the SIDs of the groups a user belongs to without traversing
> the user's group graph. This probably helps KDCSVC construct
> the PAC.
> 
> $ ldapsearch -s base -b "cn=luke howard,cn=users,dc=nt,dc=padl,dc=com" 'objectclass=*' tokenGroups tokenGroupsNoGC
> dn: cn=luke howard,cn=users,dc=nt,dc=padl,dc=com
> tokenGroups:: AQIAAAAAAAUgAAAAIAIAAA==

I take it these are base64 encoded strings that correspond to a sid
structure?


Tim.
> 




More information about the samba-technical mailing list