RFC [Patch] winbind expand groups doc
metze at samba.org
Thu Sep 28 14:02:59 UTC 2017
> If i may suggest and mentioning that winbind expand groups = 2 ,was a good minimal setting.
> For example, imo, pretty normal thing, because of things like this.
> Admin1 is member of Domain Admins, which is member of BUILTIN\Administrator
> So 2 depth.
> In my case with RDP, the users is in the domain group (NTDOM\RDP-Allowed, which is added to the local group. ( .\Remote Desktop Users )
The effective group memberships are still in place. The unix token will
have them. "id" should be able to show them, after an successful
This options is really only for broken applications which use something
like: getent group <group> in order to verify that a users if a member
of the group.
Is there an RDP service for linux that qualifies itself as such a broken
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the samba-technical