need to re-evaluate enumerating users
Gerald (Jerry) Carter
jerry at samba.org
Thu Nov 10 19:04:46 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Jeremy Allison wrote:
| On Thu, Nov 10, 2005 at 09:56:08AM -0600, Gerald (Jerry) Carter wrote:
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|> Jeremy & Volker,
|> Yeah. So Volker's right. There is really no way to enumerate
|> users in a trusted AD domain without kerberos.
|>From what Volker told me there is no way to do this even
| with kerberos also (unless you're connecting as domain
| admin). The ACLs on the memberOf attribute only allow
| owner and admin read access. Nothing else. That was
| my understanding from our conversation.
Maybe but Kerberos/LDAP is working much better than
RPC. I'm testing against 2003 and 2000 domains.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical