[Samba] Enumerate group members
Diego Rivera
diego at rivera.net
Tue Jun 13 01:36:49 GMT 2006
Thanks, I already knew that getent group wouldn't work (on the original
post ;)).
Thanks for the quick answer anyway. So, according to AD ACL's, it's
possible that a machine in a domain which needs to check group access
(i.e. a samba box) may not get accurate information about whether a user
is a member of a group? Or just that the ACL's may forbid the
enumeration of group members for particular groups?
Thanks
Diego
Volker Lendecke wrote:
>On Mon, Jun 12, 2006 at 08:19:48AM -0600, Diego Rivera wrote:
>
>
>>members of an ADS group, with something other than the "id" command for
>>each user, or "getent group"? The "id" works but then I'd have to
>>
>>
>
>getent group <groupname>
>
>should give you what you want. But we do not give *any*
>guarantees about the correctness of the result. There's a
>number of reasons for not filling in the members correctly,
>a number of them being out of our control (AD ACLs).
>
>Volker
>
>
More information about the samba
mailing list