[Samba] AD users from different AD domains - update
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed May 10 15:16:45 GMT 2006
On Wed, May 10, 2006 at 11:00:44AM -0400, Trimble, Ronald D wrote:
> In other words, i would like to know if it is possible to
> check the membership of a user in a group of another AD
> domain ?
No, it is not. The only operation regarding group membership
that is doable reliably is getting the list of groups a user
is member of directly while this user is logging in.
Anything beyond that like asking the same question without
having logged in, getting a list of members of a group,
getting lists of users and groups and so on will sooner or
later fail if you are not administrator of all domains in
question. Winbind is not made for being admin in all
domains, and this is nothing that you _want_ winbind on a
member server to be.
Please look at the explanations in bug #3530. Don't wait for
this to be fixed.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20060510/44a5132d/attachment.bin
More information about the samba
mailing list