Winbind doesnt enumerate more than one group from an AD domain

Gareth Davies gdavies at
Mon Oct 28 10:06:00 GMT 2002

Yeh it's not local group as in local machine domain groups, it's local as in
AD groups..

There are 3 types. Local, Global and Universal..

The most basic type of group suitable for networking is the global group,
used to control access to resources that exist anywhere on the network. The
primary limitation to global groups is that they can only contain members
from a single domain. You'd use a global group for users within a single
domain that need access to a common group of files or directories.

Domain local groups are essentially the opposite of global groups. Where a
global group is limited to having members from a single domain, a domain
local group can have members from every domain in your network. However,
unlike global groups, domain local groups can only be applied to resources
within a single domain, hence the name domain local group.

Universal groups, as the name implies, can contain members from any domain
on the network and can control access to resources existing in any of the
network's domains.

             Shaolin - IT Systems
                     WB Ltd.
.: :.

----- Original Message -----
From: "Simo Sorce" <simo.sorce at>
To: "Jean Francois Micouleau" <Jean-Francois.Micouleau at>
Cc: "Gerald (Jerry) Carter" <jerry at>; "Gareth Davies"
<gdavies at>; "James Braid" <James.Braid at>;
<samba-technical at>
Sent: Friday, October 25, 2002 7:26 PM
Subject: Re: Winbind doesnt enumerate more than one group from an AD domain

More information about the samba-technical mailing list