My crude hack at a solution, but it works for me so here goes . . . . .
#!/bin/sh
# /usr/local/bin/get_grp_mem <domain group>
#
# <domain sid> is derived from:
#
# wbinfo -n <domain account>
#
# S-1-2-33-4444444444-555555555-666666666-XXXXX User (1)
#
# <domain sid> = S-1-2-33-4444444444-555555555-666666666
#
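# Note: -U <domain account>%<password> puts the password on the command
# line, where it is visible in the process list; rpcclient's
# -A <authfile> option reads the credentials from a file instead.
grpid=`wbinfo -n "$1" | sed 's/<domain sid>-//' | sed 's/ Domain..*//'`
for i in `rpcclient -W <domain name> -U <domain account>%<password> \
    -c "querygroupmem $grpid" <domain controller> | tr -s '\t' ' ' |
    sed 's/^ rid:\[0x//g' | sed 's/\] attr:\[0x7\]//g'`
do
    wbinfo -s <domain sid>-`echo ${i} | /usr/local/bin/hex2ascii`
done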
#end-of-script

#!/usr/bin/perl -w
# /usr/local/bin/hex2ascii
#
# Reads one hex value (a RID without the 0x prefix) on stdin and
# prints it in decimal.
$ans=<STDIN>;
chomp($ans);
$con=hex("$ans");
print "$con\n";
#end-of-script
-----------------------------------------------------
toby bluhm
philips medical systems, cleveland ohio
tobias.bluhm@philips.com
440-483-5323
> Hi all,
>
> Hopefully this is a simple one - I'm trying to work out how to get a
> list of users in a certain group. If I have the following set up in
> Active Directory:
>
> Group1
> - UserA
> - UserB
>
> Group2
> - UserC
> - UserD
>
> AllGroups
> - Group1
> - Group2
> - UserX
>
> Then I want to be able to say "List all users in the AllGroups group"
> and I should get UserA,B,C,D and UserX returned.
>
> I'm not sure how to go about this - wbinfo only seems able to return
> the groups a single user is a member of, and 'getent group' only
> returns people specifically in that group (i.e. "getent group
> AllGroups" only returns UserX, it ignores the nested groups, even
> if "winbind nested groups = yes" in smb.conf.)
>
> Any ideas how to list *all* the users in a specific group?
>
> Thanks,
> Adam.
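
Added example (not part of the original post or of Samba): the RID handling from the script above done in plain sh, so the domain SID is taken from the group's own SID instead of being hard-coded and no hex2ascii helper is needed. The function names and the sample querygroupmem lines are constructed for illustration; the output format is assumed from the sed expressions in the post.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# domain_of_sid SID: print the SID with its trailing RID removed.
domain_of_sid() {
    case "$1" in
        S-1-*-*) printf '%s\n' "${1%-*}" ;;
        *) echo "not a SID: $1" >&2; return 1 ;;
    esac
}

# rid_of_sid SID: print the trailing RID (decimal), as given to querygroupmem.
rid_of_sid() {
    case "$1" in
        S-1-*-*) printf '%s\n' "${1##*-}" ;;
        *) echo "not a SID: $1" >&2; return 1 ;;
    esac
}

# rids_to_sids DOMAIN_SID: read querygroupmem output on stdin and print one
# full SID per member. Lines that are not "rid:[0x..]" (errors, banners) are
# skipped, and any attr value is accepted, not only 0x7.
rids_to_sids() {
    dom=$1
    sed -n 's/^[[:space:]]*rid:\[0x\([0-9A-Fa-f]\{1,8\}\)\].*$/\1/p' |
    while read -r hex; do
        printf '%s-%d\n' "$dom" "0x$hex"
    done
}

# Constructed sample of querygroupmem output (format assumed from the post).
sample_output() {
    printf '\trid:[0x1f4] attr:[0x7]\n'
    printf 'some error text\n'
    printf '\trid:[0x45c] attr:[0x5]\n'
}

# Constructed group SID built on the placeholder domain SID used in the post.
group_sid=S-1-2-33-4444444444-555555555-666666666-1234
sample_output | rids_to_sids "$(domain_of_sid "$group_sid")"
```

Each SID printed can be passed to wbinfo -s, as the loop in the post does.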