need to re-evaluate enumerating users
Jeremy Allison
jra at samba.org
Thu Nov 10 18:48:19 GMT 2005
On Thu, Nov 10, 2005 at 09:56:08AM -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jeremy & Volker,
>
> Yeah. So Volker's right. There is really no way to enumerate
> users in a trusted AD domain without kerberos.
>From what Volker told me there is no way to do this even
with kerberos also (unless you're connecting as domain
admin). The ACLs on the memberOf attribute only allow
owner and admin read access. Nothing else. That was
my understanding from our conversation.
Jeremy.
More information about the samba-technical
mailing list