Finding group members - fix to winbindd_ads.c

Ken Cross kcross at
Sat Feb 1 13:48:37 GMT 2003

Andrew et al:

On further reflection, you may want to reconsider my original patch.

Currently, if you do WINBINDD_GETGRNAM to an NT domain, you get *all*
the members of a group, whether primary or supplemental.  

The same call to an AD just returns supplemental members.

My patch causes the call to either an NT domain or AD to return the same
thing.  It seems like they should be consistent.


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at] 
Sent: Friday, January 31, 2003 5:47 PM
To: Ken Cross
Cc: 'Andrew Bartlett'
Subject: RE: Finding group members - fix to winbindd_ads.c

On Sat, 2003-02-01 at 09:15, Ken Cross wrote:
> Thanks, Andrew, will do.
> We're definitely abusing Samba 3.0 to its limits and beyond.

It's called innovation :-)

> The change
> below was necessary because we have a GUI that lets you select things 
> like "all users who belong to groups starting with A".  So we needed 
> to know all the members of groups starting with A.  The existing code 
> didn't give them.
> The most obvious is Domain Users.  If you do WINBINDD_GETGRGID or 
> WINBINDD_GETGRNAM you only get users whose primary group is *not* 
> Domain Users.

Given that, it might be worth adding a separate winbind call that had
the desired semantics.  In particular, it should return the users in
'NT' form - say a record with separate domain, username and SID.

If you want to come up with a patch that does something like that, I'll
certainly give it a serious look.  Be aware that we change the winbind
pipe interface occasionally, and we are trying to move away from having
external projects dependent on its layout.  (Probably not too much of
an issue inside a NAS device however).

Also, you should try to keep your replies to the list, so that others
can comment.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
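
The primary versus supplemental distinction discussed in this thread, as an added example that is not part of the original messages and is not Samba code: in Active Directory a group's `member` attribute lists only supplemental members, while primary membership is stored on each user as a `primaryGroupID` RID. The sketch works on constructed in-memory records (domain name, DNs and SIDs are all made up) and returns members as separate domain, username and SID fields; it does not talk to winbindd or LDAP.

```python
# Added illustration; every name, DN and SID below is constructed sample data.
DOMAIN = "EXAMPLE"
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
BASE = "CN=Users,DC=example,DC=test"

USERS = [
    {"dn": f"CN=alice,{BASE}", "name": "alice", "sid": f"{DOMAIN_SID}-1104", "primaryGroupID": 513},
    {"dn": f"CN=bob,{BASE}", "name": "bob", "sid": f"{DOMAIN_SID}-1105", "primaryGroupID": 513},
    {"dn": f"CN=carol,{BASE}", "name": "carol", "sid": f"{DOMAIN_SID}-1106", "primaryGroupID": 1201},
]
GROUPS = {
    "Domain Users": {"sid": f"{DOMAIN_SID}-513", "member": [f"CN=carol,{BASE}"]},
    "Admins A": {"sid": f"{DOMAIN_SID}-1201", "member": [f"CN=alice,{BASE}"]},
}


def record(user):
    """Return the (domain, username, SID) triple for one user."""
    return (DOMAIN, user["name"], user["sid"])


def supplemental_members(group, users):
    """Users listed in the group's `member` attribute."""
    listed = set(group["member"])
    return [record(u) for u in users if u["dn"] in listed]


def primary_members(group, users):
    """Users whose primaryGroupID equals the RID at the end of the group's SID."""
    rid = int(group["sid"].rsplit("-", 1)[1])
    return [record(u) for u in users if u["primaryGroupID"] == rid]


def all_members(group, users):
    """Union of both kinds of membership, de-duplicated by SID."""
    merged = {r[2]: r for r in supplemental_members(group, users)}
    for r in primary_members(group, users):
        merged.setdefault(r[2], r)
    return sorted(merged.values(), key=lambda r: r[1])


if __name__ == "__main__":
    for name, group in GROUPS.items():
        print(name, "member attribute only:", supplemental_members(group, USERS))
        print(name, "primary + supplemental:", all_members(group, USERS))
```

Any access decision or audit built on the `member` attribute alone would miss alice and bob in Domain Users here.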
