[Samba] Enumerate group members

Diego Rivera diego at rivera.net
Tue Jun 13 01:36:49 GMT 2006

Thanks, I already knew that getent group wouldn't work (on the original 
post ;)).

Thanks for the quick answer anyway.  So, according to AD ACL's, it's 
possible that a machine in a domain which needs to check group access 
(i.e. a samba box) may not get accurate information about whether a user 
is a member of a group? Or just that the ACL's may forbid the 
enumeration of group members for particular groups?



Volker Lendecke wrote:

>On Mon, Jun 12, 2006 at 08:19:48AM -0600, Diego Rivera wrote:
>>members of an ADS group, with something other than the "id" command for 
>>each user, or "getent group"?  The "id" works but then I'd have to 
>getent group <groupname>
>should give you what you want. But we do not give *any*
>guarantees about the correctness of the result. There's a
>number of reasons for not filling in the members correctly,
>a number of them being out of our control (AD ACLs).

More information about the samba mailing list