[PATCH] Small update to wbinfo --user-groups

Andreas Schneider asn at samba.org
Wed Feb 14 13:03:04 UTC 2018 

On Wednesday, 14 February 2018 12:30:01 CET Volker Lendecke wrote:
> On Wed, Feb 14, 2018 at 12:13:33PM +0100, Andreas Schneider via samba-
technical wrote:
> > I've added the following tests to 'wbinfo --user-groups':
> > 
> > NOTE: The information is retrieved using the machine account credentials
> > with limited access permissions, the result may be incomplete or
> > incorrect!
> > 
> > I get bug reports, that nested groups are not in the output. Those can
> > only be calculated during authentication.
> > 
> > 
> > Please review and push if OK.
> 
> If we want to be precise: This info is supposed to be correct after a
> successful login, either via Kerberos or via NTLM, i.e. wbinfo -a.
> Also, you might want to describe that we cache successful logins
> indefinitely, so wbinfo -r will output stale information if group
> memberships change in AD and the user has not re-logged in after that
> change.
> 
> Hope that helps,

Thanks for the feedback. I the updated patch ok? I'm using "authenticated" 
should I use "logged in"?

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
-------------- next part --------------
>From 689413a557d276109b247a0390713246ac3bff95 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 14 Feb 2018 12:05:16 +0100
Subject: [PATCH] docs: Add a not that 'wbinfo --user-groups' may be incomplete

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 docs-xml/manpages/wbinfo.1.xml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
index c427007be0f..f9f841af323 100644
--- a/docs-xml/manpages/wbinfo.1.xml
+++ b/docs-xml/manpages/wbinfo.1.xml
@@ -386,7 +386,10 @@
 		<term>-r|--user-groups <replaceable>username</replaceable></term>
 		<listitem><para>Try to obtain the list of UNIX group ids
 		to which the user belongs.  This only works for users
-		defined on a Domain Controller.
+		defined on a Domain Controller.</para>
+		<para>NOTE: The information is retrieved using the machine
+		account credentials with limited access permissions, the result
+		may be incomplete or incorrect!
 		</para></listitem>
 		</varlistentry>
 
-- 
2.16.1

More information about the samba-technical mailing list