"security = domain" lists more groupmembers than "security = ads"

Gerald (Jerry) Carter jerry at samba.org
Tue Oct 18 12:30:23 GMT 2005

Hash: SHA1

Karolin Seeger wrote:
| Hello,
| I have a question about winbindd design.
| We noticed, that with "security = domain" winbindd
| enumerates all members of a group plus all users
| who have this group as their primary group.
| "Security = ads" only enumerates the mebers of
| the group, not the users which have it as their
| primary group.
| A Sniff shows, that the MMC works in the same way
| as rpcclient / "security = domain". There ist a
| second ldapsearch request for users having the group
| as their primary group.
| The question is whether winbindd should do the
| second ldapsearch request, too. This means to
| behave different to Linux, but like Windows.


Volker and I talked about this yesterday.  He might have
already filled you in but just ni case.....

There are some differences between the rpc and ldap backends
for winbindd so I'm not surprised at your findings.
The real solution will be when we add the auto-detection code
to use the "right" methods depending on the DC to which we
are talking.  This will allow us to choose ldap or rpc
depending on which is more appropriate.

But this will probably be a 3.0.22 feature.

cheers, jerry
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba-technical mailing list