[Samba] Samba 4.1.4 and winbind
Brady, Mike
mike.brady at devnull.net.nz
Sat Feb 1 17:33:19 MST 2014
On 2014-02-02 10:32, Björn JACKE wrote:
> On 2014-02-02 at 09:16 +1300 Brady, Mike sent off:
>> but I vaguely remember that I found that 'getent group' doesn't
>> return any of the AD groups if there is a (and there only needs to
>> be one) group in AD that does not have a gidNumber assigned.
>
> after you found out about that, do you vaguely remember where you
> reported that thing in bugzilla?
>
I didn't. I thought I had raised it in one of the numerous winbind
discussions of recent months. Looking through the list archives I can't
see it though. So I will have to say that I dropped the ball on that
one and/or plead insanity.
> Apart from that winbind enum users/groups should only be used for testing
> purposes. *Any* productive setup should have turned that parameter off
> (which is the default). Winbind can cope with domains which contain
> thousands and millions of users without a problem. Any nss module which
> would allow group or user enumerations would doom itself and the DCs, too.
>
Agreed and that is how my production environments are set up. Which may
also be why I managed to forget to report it. Winbind is working as
expected with my production config so out of sight, out of mind.