[Samba] Re: Testing domain group membership

[John H Terpstra]

On Monday 23 May 2005 13:41, Rex Dieter wrote:
> John H Terpstra wrote:
> > On Monday 23 May 2005 11:09, Rex Dieter wrote:
> >>Is there a samba command (using net,wbinfo, or whatever) to allow one to
> >>test whether a user is a member of a particular (domain) group?
> >>
> >>I know that
> >>$ net user info
> >>returns the groups that a user is a (direct) member of, but for my
> >>immediate purposes, that is not sufficient (we're using nested groups).
> >
> > Suggest you check out chapter 12 of the Samba-HOWTO-Collection.pdf. This
> > document can be obtained from:
> >
> > 	http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
> >
> > If the information in this chapter does not meet your needs please let me
> > know as soon as possible. So I can fix it before it goes to print.
>
> AFAICT, nothing in the current Samba-HOWTO mentions any method to test
> ads group membership for a particular user.  Please correct me if I'm
> wrong.

Section 12.2, "When used against a server that is a member of an Active 
Directory domain it is preferable (and often necessary) to use ADS mode 
operations. The net command supports both, but not for every operation. For 
most operations, if the mode is not specified net will automatically fall 
back via the ads, rpc, rap modes."

Section 12.4.3, though it mentions the RPC method, for an ADS domain member 
use:

	net ads user info 'username' -S target_server -U Administrator%password

So are you wrong or am I? Do you feel it is essential to document for every 
possible option, also every possible transport protocol? Please help me to 
understand if the documentation is sufficient of inadequate. If it is 
inadequate it must be fixed.

Thanks.

- John T.


-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.