need to re-evaluate enumerating users

Gerald (Jerry) Carter jerry at samba.org
Thu Nov 10 19:04:46 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeremy Allison wrote:
| On Thu, Nov 10, 2005 at 09:56:08AM -0600, Gerald (Jerry) Carter wrote:
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|>
|> Jeremy & Volker,
|>
|> Yeah. So Volker's right.  There is really no way to enumerate
|> users in a trusted AD domain without kerberos.
|
| From what Volker told me there is no way to do this even
| with kerberos also (unless you're connecting as domain
| admin). The ACLs on the memberOf attribute only allow
| owner and admin read access. Nothing else. That was
| my understanding from our conversation.

Maybe but Kerberos/LDAP is working much better than
RPC.  I'm testing against 2003 and 2000 domains.

cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDc5nOIR7qMdg1EfYRAiVuAKDm203oQD7a2RY9pgKrTa1q5+AY6wCfY8XG
8fgZEfR/VqATi3pVVWa6VRI=
=eD3W
-----END PGP SIGNATURE-----

