[PATCH] Small update to wbinfo --user-groups
Andreas Schneider
asn at samba.org
Wed Feb 14 13:03:04 UTC 2018
On Wednesday, 14 February 2018 12:30:01 CET Volker Lendecke wrote:
> On Wed, Feb 14, 2018 at 12:13:33PM +0100, Andreas Schneider via samba-
technical wrote:
> > I've added the following tests to 'wbinfo --user-groups':
> >
> > NOTE: The information is retrieved using the machine account credentials
> > with limited access permissions, the result may be incomplete or
> > incorrect!
> >
> > I get bug reports, that nested groups are not in the output. Those can
> > only be calculated during authentication.
> >
> >
> > Please review and push if OK.
>
> If we want to be precise: This info is supposed to be correct after a
> successful login, either via Kerberos or via NTLM, i.e. wbinfo -a.
> Also, you might want to describe that we cache successful logins
> indefinitely, so wbinfo -r will output stale information if group
> memberships change in AD and the user has not re-logged in after that
> change.
>
> Hope that helps,
Thanks for the feedback. I the updated patch ok? I'm using "authenticated"
should I use "logged in"?
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
-------------- next part --------------
>From 689413a557d276109b247a0390713246ac3bff95 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 14 Feb 2018 12:05:16 +0100
Subject: [PATCH] docs: Add a not that 'wbinfo --user-groups' may be incomplete
Signed-off-by: Andreas Schneider <asn at samba.org>
---
docs-xml/manpages/wbinfo.1.xml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
index c427007be0f..f9f841af323 100644
--- a/docs-xml/manpages/wbinfo.1.xml
+++ b/docs-xml/manpages/wbinfo.1.xml
@@ -386,7 +386,10 @@
<term>-r|--user-groups <replaceable>username</replaceable></term>
<listitem><para>Try to obtain the list of UNIX group ids
to which the user belongs. This only works for users
- defined on a Domain Controller.
+ defined on a Domain Controller.</para>
+ <para>NOTE: The information is retrieved using the machine
+ account credentials with limited access permissions, the result
+ may be incomplete or incorrect!
</para></listitem>
</varlistentry>
--
2.16.1
More information about the samba-technical
mailing list