samba - Aug 2007 - "winbind enum = yes" ... oreilly samba books says "turn off" ... but things break. confused :-(

Hi all,

In the Oreilly "Using Samba" book pg 292 it is recommended to turn off
Winbindd(8) user and group enumeration (very expensive operation). However, when
doing this on FreeBSD -CURRENT the groups that users are in are not recognised.

When I enable user and group enumeration group permissions work (at least for
the first 16 groups) i.e. via chown(1).

So my  question is: From peoples' experience what do you do ? Turn
"enum" on or
                    off ? And do you experience the same problem I do ? Or is
                    this just a FreeBSD issue ?

 -aW

IMPORTANT: This email remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT
1914.  If you have received this email in error, you are requested to contact
the sender and delete the email.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wilkinson, Alex wrote:
> Hi all,
> 
> In the Oreilly "Using Samba" book pg 292 it is recommended 
> to turn off Winbindd(8) user and group enumeration (very
> expensive operation). However, when doing this on
> FreeBSD -CURRENT the groups that users are in are not recognised.
> 
> When I enable user and group enumeration group 
> permissions work (at least for the first 16 groups)
> i.e. via chown(1).
> 
> So my  question is: From peoples' experience what 
> do you do ? Turn "enum" on or off ? And do you experience
> the same problem I do ? Or is this just a FreeBSD issue ?
If this is true, then it is a really bad design in
FreeBSD.  Timur, can you confirm this?  Does FreeBSD
rely on set/get/endgrent to to get group memberships?




cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGw2USIR7qMdg1EfYRAvtbAJwLOdTiaHEZ5K/mPtQM+hbWl2YYCwCgrbaY
H/tswsQvQKiIucK3xPlZHNc=8UGD
-----END PGP SIGNATURE-----