Winbind doesnt enumerate more than one group from an AD domain

Simo Sorce simo.sorce at xsec.it
Fri Oct 25 19:29:00 GMT 2002


On Fri, 2002-10-25 at 20:52, Jean Francois Micouleau wrote:
> On Fri, 25 Oct 2002, Gerald (Jerry) Carter wrote:
> 
> > On Fri, 25 Oct 2002, Gareth Davies wrote:
> >
> > > Apparently they need to be Global or Universal to be shown by Winbind.
> >
> > Local groups are supported by winbindd using rpc.  The LDAP backends for
> > winbindd needs this support added (it's a no-op function right now).
> >
> > I'll have to work on it some more.
> 
> ???? you mean local groups within the S-1-5-32 sid sub tree or the local
> domain groups under the PDC SID ? If that's the first case, winbind
> shouldn't even read them, they have no meaning outside the machine they
> are defined.

JF is totally right winbind should never ask for PDCs local group.
But there is a third option, MS has defined an obscure (to me) new type
of group in w2k, the global local group do you mean this one jerry?

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20021025/089e5293/attachment.bin


More information about the samba-technical mailing list