"net groupfilter" ?
Gerald (Jerry) Carter
jerry at samba.org
Tue Dec 16 15:27:35 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Volker Lendecke wrote:
> On Tue, Dec 16, 2008 at 08:55:06AM -0600, Gerald (Jerry) Carter wrote:
>> So then Winbind would only assign gids to groups defined in
>> the filter?
>
> No, that would be a much larger change. This would also
> involve at least some policy decisions whether winbind
> should make the groups that are not mentioned in the filter
> visible at all.
This is exactly how idmap_ad[ex] works now though. I don't see how
what you are proposing is a larger change. Seems like the filtering
just needs to be placed in the idmap plugin and you are done.
> The patch as posted here is the quick and dirty fix for smbd
> only.
I'm confused. Not running Winbind implies that the Windows
users and groups match a local unix user and therefore you
shouldn't really have the > NGROUPS issue. And if you run Winbind,
Just add the filter to the idmap backend and case closed.
So the smbd-only patch is really the wrong place to solve it IMO.
Am I explaining myself ok?
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJR8jlIR7qMdg1EfYRAvefAKDo6Fz0+agCXfAWkmzc3Ky5gh3dWQCfWjkL
+B36yiO98IgIRjSZCus4ByU=
=iPXX
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list