3.0.10 fails to start (OpenSuse 13.2)

Matthew Newton mcn4 at leicester.ac.uk
Wed Oct 28 22:40:08 CET 2015

On Wed, Oct 28, 2015 at 05:03:46PM -0400, Arran Cudbard-Bell wrote:
> Do you know if it's possible to get group memberships via
> winbind? I assume yes, but I can't see any functions in the
> client API to do that...

I suspect something in


would give what you want.

Though they may have been "translated" into unix groups by winbind
by the time you see them, which is what you get from wbinfo:

# /opt/samba/bin/wbinfo --user-info=DOMAIN\\user
DOMAIN\user:*:16777216:16777216:Surname, Forename I.:/home/DOMAIN/user:/bin/bash
# /opt/samba/bin/wbinfo --user-groups=DOMAIN\\user
# /opt/samba/bin/wbinfo --gid-info=16777216
DOMAIN\domain users:x:16777216:

It's been a few months so I'd have to look in more detail again to
see what's available. But I think by the time the data comes over
the socket from winbind it's already been "mapped" to a UNIX GID
number. It returns this struct in the extra_data:


(this isn't visible in the API IIRC)

which is then copied to a normal unix struct group:


> It'd save calls to LDAP if we could grab everything at the same time.

It's also got a number of mallocs, so not designed for speed, but
might be faster than LDAP. And winbind caches information locally
(even when just doing auths which is a bit annoying as I think
this also slows things down unnecessarily in the mschap stuff) but
would be useful for the group lookups.

My to-do list also contains adding use of wbcCtxChangeUserPassword
to improve the ntlm_auth change password code. Stalled on that
before as I didn't have an quick way to test it :)


Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list