AD attributes queried by 'id DOMAIN/user'
steve at steve-ss.com
Sun Jun 2 17:30:34 MDT 2013
> > Take a look at:
> > https://blog.cryptomilk.org/2012/11/08/understanding-winbind/
> Thank you sir. That was exactly what I needed.
> It looks like the getgroups call is the one that's blocking. If I could
> tell winbind to pass a objectCategory=group filter as well as
> objectSid=<...> when performing group lookup queries, this would
> substantially reduce the search domain. But I'm not an LDAP hero, so
> this may not be what I should be doing.
You might like to try sssd instead of winbind. It's returns group info.
very quickly and is also easy to setup. It works equally well on both
the DCs and clients. We documented it here:
More information about the samba-technical