Domain local groups?
Gerald (Jerry) Carter
jerry at samba.org
Tue Apr 5 14:47:53 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Volker Lendecke wrote:
| Hi, Jerry (and the rest)!
|
| Is it possible that expanding domain local groups is quite broken in
winbind?
| Looking at winbindd_group.c around line 1130 I read:
|
|
| /* Check it is a domain group or an alias (domain local group)
| in a win2k native mode domain. */
|
| if ( !((sid_type==SID_NAME_DOM_GRP) ||
| ((sid_type==SID_NAME_ALIAS) && domain->primary)) )
The original code was based on the understanding that domain local
groups are only valid in our domain (in a native 2k domain). Are domain
local groups from a parent domain even meaningful in a child domain ?
This could be my bug based on a misunderstanding. But it was tested a
good deal during the PSA development cycle and did what it was intended
to do.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCUqUZIR7qMdg1EfYRAuSXAKCTqI1jTPbd61xmrHshV9V3u5PCxACfbyRr
aVa9S2TN5liOvklkY9wfp00=
=RmhS
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list