3.0.10 fails to start (OpenSuse 13.2)
Matthew Newton
mcn4 at leicester.ac.uk
Wed Oct 28 22:40:08 CET 2015
On Wed, Oct 28, 2015 at 05:03:46PM -0400, Arran Cudbard-Bell wrote:
> Do you know if it's possible to get group memberships via
> winbind? I assume yes, but I can't see any functions in the
> client API to do that...
I suspect something in
https://github.com/samba-team/samba/blob/master/nsswitch/libwbclient/wbclient.h#L1223-L1424
would give what you want.
Though they may have been "translated" into unix groups by winbind
by the time you see them, which is what you get from wbinfo:
# /opt/samba/bin/wbinfo --user-info=DOMAIN\\user
DOMAIN\user:*:16777216:16777216:Surname, Forename I.:/home/DOMAIN/user:/bin/bash
# /opt/samba/bin/wbinfo --user-groups=DOMAIN\\user
16777216
16777217
16777218
16777219
16777220
16777221
16777222
...
# /opt/samba/bin/wbinfo --gid-info=16777216
DOMAIN\domain users:x:16777216:
It's been a few months so I'd have to look in more detail again to
see what's available. But I think by the time the data comes over
the socket from winbind it's already been "mapped" to a UNIX GID
number. It returns this struct in the extra_data:
https://github.com/samba-team/samba/blob/master/nsswitch/winbind_struct_protocol.h#L197-L203
(this isn't visible in the API IIRC)
which is then copied to a normal unix struct group:
https://github.com/samba-team/samba/blob/master/nsswitch/libwbclient/wbc_pwd.c#L115
> It'd save calls to LDAP if we could grab everything at the same time.
It's also got a number of mallocs, so not designed for speed, but
might be faster than LDAP. And winbind caches information locally
(even when just doing auths which is a bit annoying as I think
this also slows things down unnecessarily in the mschap stuff) but
would be useful for the group lookups.
My to-do list also contains adding use of wbcCtxChangeUserPassword
to improve the ntlm_auth change password code. Stalled on that
before as I didn't have an quick way to test it :)
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list