This is like talking to myself, but here goes:

On Sun, Jan 8, 2017 at 3:00 PM, <selva.n...@gmail.com> wrote:

> Currently the username unqualified by the domain is used to validate
> a user which fails for domain users. Instead compare the user's SID
> with SIDs in the Administrators group and ovpn_admin_group.
> This has the advantage that connection to a domain controller is not
> required and will work even when user is logged in with cached credentials.
> Limitations:
> (i) Group membership is not checked recursively
> (ii) Domain administrators will not be recognized as members of local
> Administrators group.
> Resolves Trac: #810

Based on further discussions on Trac: #810, domain admins are
understandably not pleased with those limitations. I'll submit a v2.

Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
Openvpn-devel mailing list

Reply via email to