hello in a previous post, i was describing the behaviour with samba 3.0.21rc1 (winbind in particular) : - We have a single AD forest, whith different domains, A & B. - The group, in domain A, we use for our authentication process contains user from the 2 domains A & B. While using wbinfo, i cannot succeed to get a positive answer when i ask if a user from domain B belongs or not to the group. (but the user belongs to this group) In other words, i would like to know if it is possible to check the membership of a user in a group of another AD domain ? This was supposed to be linked to the bug#3530. Does anyone know if this issue is solved on new version , or if a patch exists ? Thanks in advance
Trimble, Ronald D
2006-May-10 15:02 UTC
[Samba] AD users from different AD domains - update
I am also waiting for this to be "fixed." -----Original Message----- From: samba-bounces+ronald.trimble=unisys.com@lists.samba.org [mailto:samba-bounces+ronald.trimble=unisys.com@lists.samba.org] On Behalf Of Lionel D?ruaz Sent: Wednesday, May 10, 2006 9:16 AM To: samba@lists.samba.org Subject: [Samba] AD users from different AD domains - update hello in a previous post, i was describing the behaviour with samba 3.0.21rc1 (winbind in particular) : - We have a single AD forest, whith different domains, A & B. - The group, in domain A, we use for our authentication process contains user from the 2 domains A & B. While using wbinfo, i cannot succeed to get a positive answer when i ask if a user from domain B belongs or not to the group. (but the user belongs to this group) In other words, i would like to know if it is possible to check the membership of a user in a group of another AD domain ? This was supposed to be linked to the bug#3530. Does anyone know if this issue is solved on new version , or if a patch exists ? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Trimble, Ronald D
2006-May-10 18:29 UTC
[Samba] AD users from different AD domains - update
Volker, I know you and I have been over this in the past, but I have a few questions based on this thread. If winbind does correctly list the groups, why does it not correctly tell you that the user is indeed a member of that group? Are you saying that if you were an admin in all domains it would work? What if the server was not merely a member server? Would it work then? I am not trying to be a pain, I am just looking for solutions to a problem that lots of other Windows admins like myself see as a huge issue. Sincerely, Ron -----Original Message----- From: Volker Lendecke [mailto:vlendec@sernet.de] On Behalf Of Volker Lendecke Sent: Wednesday, May 10, 2006 11:17 AM To: Trimble, Ronald D Cc: samba@lists.samba.org Subject: Re: [Samba] AD users from different AD domains - update On Wed, May 10, 2006 at 11:00:44AM -0400, Trimble, Ronald D wrote:> In other words, i would like to know if it is possible to > check the membership of a user in a group of another AD > domain ?No, it is not. The only operation regarding group membership that is doable reliably is getting the list of groups a user is member of directly while this user is logging in. Anything beyond that like asking the same question without having logged in, getting a list of members of a group, getting lists of users and groups and so on will sooner or later fail if you are not administrator of all domains in question. Winbind is not made for being admin in all domains, and this is nothing that you _want_ winbind on a member server to be. Please look at the explanations in bug #3530. Don't wait for this to be fixed. Volker
On Wed, May 10, 2006 at 11:12:07PM +0200, Volker Lendecke wrote:> Patches are always welcome. The best place to post a patch > fixing this faulty behaviour is samba-technical@samba.org.Sorry, I forgot the other option you have: Under http://www.samba.org/samba/support/ you find dozens of companies doing commercial support for Samba. I'm sure you will find one that will be able to make an offer to fix the problem for you. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20060510/780c211e/attachment.bin