Question: winbindd & expand groups value
Noel Power
nopower at suse.com
Thu Jul 20 09:39:47 UTC 2017
Hi Metz
Thanks, yes this does help :-)
Noel
On 19/07/17 19:56, Stefan Metzmacher wrote:
> Hi Noel,
>
>> Any more info about this, it would be great to get some clarity, could
>> propose doc change if more clue about what is correct or not
> Sorry for the delayed response I forgot to reply...
>
> The default value of 0 means we don't query group member ships at all,
> so we always report an empty member list.
>
> We only do the lsa lookup names and id mapping to deliver the group
> record.
>
> Using netlogon and lsa lookup names/sids against our primary domain
> are the only reliable calls we are available for our machine account.
>
> Everything else like ldap or samr calls just cause problems in a lot
> of situations. And the list of group members is not really needed
> for most applications at all. All sane applications use
> initgroups_dyn() to get the groups of a specific user, which gets
> answered from the netsamlogon cache.
>
> I hope that helps a bit.
>
> metze
>
More information about the samba-technical
mailing list