[Samba] Re: Testing domain group membership
Rex Dieter
rdieter at math.unl.edu
Tue May 24 13:35:52 GMT 2005
John H Terpstra wrote:
> On Monday 23 May 2005 13:41, Rex Dieter wrote:
>>>>I know that
>>>>$ net user info
>>>>returns the groups that a user is a (direct) member of, but for my
>>>>immediate purposes, that is not sufficient (we're using nested groups).
>>AFAICT, nothing in the current Samba-HOWTO mentions any method to test
>>ads group membership for a particular user. Please correct me if I'm
>>wrong.
> Section 12.4.3, though it mentions the RPC method, for an ADS domain member
> use:
> net ads user info 'username' -S target_server -U Administrator%password
> So are you wrong or am I?
I already mentioned in my original post that
$ net user info
returns which groups a user is a (direct) member of, but that is not
sufficient for my needs. I need to test membership of a particular
group, which can possibly involve nested groups, a case for which the
naive 'net user info' test fails:
User foo is a member of Group 'A'.
Group 'A' is a member of Group 'B'.
I need a test to determine if User 'foo" is a member of Group 'B', and
$ net user info 'foo'
will only show/confirm membership in Group 'A'.
-- Rex
More information about the samba
mailing list