Volker, I know you and I have been over this in the past, but I have a few questions based on this thread. If winbind does correctly list the groups, why does it not correctly tell you that the user is indeed a member of that group? Are you saying that if you were an admin in all domains it would work? What if the server was not merely a member server? Would it work then? I am not trying to be a pain, I am just looking for solutions to a problem that lots of other Windows admins like myself see as a huge issue.
Sincerely, Ron -----Original Message----- From: Volker Lendecke [mailto:[EMAIL PROTECTED] On Behalf Of Volker Lendecke Sent: Wednesday, May 10, 2006 11:17 AM To: Trimble, Ronald D Cc: samba@lists.samba.org Subject: Re: [Samba] AD users from different AD domains - update On Wed, May 10, 2006 at 11:00:44AM -0400, Trimble, Ronald D wrote: > In other words, i would like to know if it is possible to > check the membership of a user in a group of another AD > domain ? No, it is not. The only operation regarding group membership that is doable reliably is getting the list of groups a user is member of directly while this user is logging in. Anything beyond that like asking the same question without having logged in, getting a list of members of a group, getting lists of users and groups and so on will sooner or later fail if you are not administrator of all domains in question. Winbind is not made for being admin in all domains, and this is nothing that you _want_ winbind on a member server to be. Please look at the explanations in bug #3530. Don't wait for this to be fixed. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba