Winbind doesnt enumerate more than one group from an AD domain
Gareth Davies
gdavies at willowbrook.co.uk
Mon Oct 28 10:06:00 GMT 2002
Yeh it's not local group as in local machine domain groups, it's local as in
AD groups..
There are 3 types. Local, Global and Universal..
The most basic type of group suitable for networking is the global group,
used to control access to resources that exist anywhere on the network. The
primary limitation to global groups is that they can only contain members
from a single domain. You'd use a global group for users within a single
domain that need access to a common group of files or directories.
Domain local groups are essentially the opposite of global groups. Where a
global group is limited to having members from a single domain, a domain
local group can have members from every domain in your network. However,
unlike global groups, domain local groups can only be applied to resources
within a single domain, hence the name domain local group.
Universal groups, as the name implies, can contain members from any domain
on the network and can control access to resources existing in any of the
network's domains.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/ad/windows2000/maintain/adusers.asp
Shaolin - IT Systems
WB Ltd.
.: http://www.security-forums.com :.
----- Original Message -----
From: "Simo Sorce" <simo.sorce at xsec.it>
To: "Jean Francois Micouleau" <Jean-Francois.Micouleau at dalalu.fr>
Cc: "Gerald (Jerry) Carter" <jerry at samba.org>; "Gareth Davies"
<gdavies at willowbrook.co.uk>; "James Braid" <James.Braid at corp.peace.com>;
<samba-technical at lists.samba.org>
Sent: Friday, October 25, 2002 7:26 PM
Subject: Re: Winbind doesnt enumerate more than one group from an AD domain
More information about the samba-technical
mailing list