Re: [Samba] Enumerate group members
On Mon, Jun 12, 2006 at 07:36:49PM -0600, Diego Rivera wrote: > Thanks for the quick answer anyway. So, according to AD ACL's, it's > possible that a machine in a domain which needs to check group access > (i.e. a samba box) may not get accurate information about whether a user > is a member of a group? Or just that the ACL's may forbid the > enumeration of group members for particular groups? The latter. The operation that will always work is to return the groups a user is in when logging in as that user. Volker pgpAKWOhqJkFC.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Enumerate group members
Thanks, I already knew that getent group wouldn't work (on the original post ;)). Thanks for the quick answer anyway. So, according to AD ACL's, it's possible that a machine in a domain which needs to check group access (i.e. a samba box) may not get accurate information about whether a user is a member of a group? Or just that the ACL's may forbid the enumeration of group members for particular groups? Thanks Diego Volker Lendecke wrote: On Mon, Jun 12, 2006 at 08:19:48AM -0600, Diego Rivera wrote: members of an ADS group, with something other than the "id" command for each user, or "getent group"? The "id" works but then I'd have to getent group should give you what you want. But we do not give *any* guarantees about the correctness of the result. There's a number of reasons for not filling in the members correctly, a number of them being out of our control (AD ACLs). Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Enumerate group members
On Mon, Jun 12, 2006 at 08:19:48AM -0600, Diego Rivera wrote: > members of an ADS group, with something other than the "id" command for > each user, or "getent group"? The "id" works but then I'd have to getent group should give you what you want. But we do not give *any* guarantees about the correctness of the result. There's a number of reasons for not filling in the members correctly, a number of them being out of our control (AD ACLs). Volker pgpIwi6mDSh0F.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Enumerate group members
Hello all! Is it possible, using winbind (wbinfo, nss_winbind, etc) to enumare the members of an ADS group, with something other than the "id" command for each user, or "getent group"? The "id" works but then I'd have to enumerate ALL users and build the meber list from there (too slow), whereas "getent group" will only list those members of a group for which the group is not the primary one. Thanks Diego -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba