[Samba] Re: Testing domain group membership
John H Terpstra
jht at Samba.Org
Mon May 23 19:52:51 GMT 2005
On Monday 23 May 2005 13:41, Rex Dieter wrote:
> John H Terpstra wrote:
> > On Monday 23 May 2005 11:09, Rex Dieter wrote:
> >>Is there a samba command (using net,wbinfo, or whatever) to allow one to
> >>test whether a user is a member of a particular (domain) group?
> >>I know that
> >>$ net user info
> >>returns the groups that a user is a (direct) member of, but for my
> >>immediate purposes, that is not sufficient (we're using nested groups).
> > Suggest you check out chapter 12 of the Samba-HOWTO-Collection.pdf. This
> > document can be obtained from:
> > http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
> > If the information in this chapter does not meet your needs please let me
> > know as soon as possible. So I can fix it before it goes to print.
> AFAICT, nothing in the current Samba-HOWTO mentions any method to test
> ads group membership for a particular user. Please correct me if I'm
Section 12.2, "When used against a server that is a member of an Active
Directory domain it is preferable (and often necessary) to use ADS mode
operations. The net command supports both, but not for every operation. For
most operations, if the mode is not specified net will automatically fall
back via the ads, rpc, rap modes."
Section 12.4.3, though it mentions the RPC method, for an ADS domain member
net ads user info 'username' -S target_server -U Administrator%password
So are you wrong or am I? Do you feel it is essential to document for every
possible option, also every possible transport protocol? Please help me to
understand if the documentation is sufficient of inadequate. If it is
inadequate it must be fixed.
- John T.
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
More information about the samba