wbinfo doesn't return list of trusted domain SIDs
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sun Jan 22 19:30:59 GMT 2006
On Sun, Jan 22, 2006 at 06:22:16PM +0200, Moshe Yosevshvili wrote:
> the topology of the domain-controllers is native (only win-2000 DCs and not
> mixed-mode).
> looking at the output from "wbinfo -a user" i see that the ms-rpc call to
> NetrLogonSamLogon returns all the groups.
> however, the --user-sids option uses two other ms-rpc calls:
> SamrGetGroupsForUser, SamrGetAliasMembership.
> the SamrGetGroupsForUser is directed to DOMAIN-A's domain-controller but it
> doesn't return the universal group.
Sorry, but --user-sids can not work reliably in all situations. This is due to
ACL restrictions and other problems in AD environments.
Logging in is the only reliable way to get the group memberships.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060122/66cc42e1/attachment.bin
More information about the samba-technical
mailing list