[Samba] Re: Winbind and AD groups containing groups

Charles Gruener cjg9411 at rit.edu
Mon Nov 13 16:37:06 GMT 2006


>Michael Schurter wrote:
>> On Fri, 2006-11-10 at 12:34 -0600, Rex Dieter wrote:
>>> Gerald (Jerry) Carter wrote:
>>>> Charles,  This is a known issue at the moment.  If we did
>>>> a limited amount of nested group expansion (one level for
>>>> example, would that be ok)?
>>> For our deployment usecase, we'd need an absolute minimum of 3 levels of
>>> expansion, depending on the definition of level.  For us we have:
>> 
>> Could the level of recursion be a configuration parameter and just
>> default to 0?  That would seem ideal as it would keep backwards
>> compatibility and offer the greatest level of control.
>
>Possibility.  Myself and another dev here at Centeris
>are looking into this.

I know that in my case, I'd need a large level of recursion, say about 5 or
7 groups deep.  What I don't understand is that "wbinfo -r username"
correctly returns all the groups the user belongs to.  Couldn't this
information somehow be used to solve this issue?

Charles



More information about the samba mailing list