Question: winbindd & expand groups value

[Noel Power]

I am a little unsure and confused about what is the expected behaviour
with this. The man page state "This option controls the maximum depth
that winbindd will traverse when flattening nested group memberships of
Windows domain groups" However it seems that this setting also affects
how membership of normal (non nested) groups is returned. For example
with the new default

getent group AD\\groupname won't return any members at all

so is it just the text here is confusing and/or inaccurate or is this
behaviour expected?

Now the smb.conf also states "Some broken applications calculate the
group memberships of users by traversing groups, such applications will
require "winbind expand groups = 1" No mention this time of nested
groups implying that perhaps this setting does indeed affect non nested
groups. So, does this mean that any calls (e.g. getgrnam) that trigger
'wb_group_members_send' are doomed to fail to return anything for the
new default ? This question arose from a customer query where the newgrp
& sg were failing (and at least in the case of newgrp it checks if the
user running the cmd is mentioned as a member(s) returned from 'getgrnam'. 

Thanks in advance for any clarification


Noel