need to re-evaluate enumerating users

Jeremy Allison jra at
Thu Nov 10 18:48:19 GMT 2005

On Thu, Nov 10, 2005 at 09:56:08AM -0600, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Jeremy & Volker,
> Yeah. So Volker's right.  There is really no way to enumerate
> users in a trusted AD domain without kerberos.

>From what Volker told me there is no way to do this even
with kerberos also (unless you're connecting as domain
admin). The ACLs on the memberOf attribute only allow
owner and admin read access. Nothing else. That was
my understanding from our conversation.


More information about the samba-technical mailing list