I'm using winbindd to dump NT users and groups out to Unix, and I think I've found a rather major bug.
We have a mixture of Active Directory and WinNT Domains spread world-wide over low to high (1-2Mbs) speed WAN links. If I dump a remote domains groups, the accounts within show up with the WRONG MEMBERS! e.g. if winbindd is running under the local "NZ" domain, and I use it via "export WINBINDD_DOMAIN=US" to dump group membership in a (Active Directory) domain on another site (via "getent group"), then I end up with corrupt entries: e.g. "US+Just Me" may be a Universal Group that is meant to contain "NZ+jhaar", instead it contains "US+other_user"! In fact, all of the Universal Groups in "US" come through *exclusively* with corrupt "US+username" entries, instead of the mixture of domain accounts that are really there. Perhaps there some misinterpretation of SIDs going on in winbindd? Redhat 7.3, Samba 2.2.7a. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1