-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Li, Ying (ESG) wrote:
| By the way, without idmap_rid, BUILTIN group's gid | can be displayed when 'winbind nested groups = No' ok. That's the key thing I needed to know. Thanks. | When winbind nested groups is enabled, it works | for ADS and Domain level. Accually, it seems we don't | need to turn on the option on ADS. Why should it be | turned on for DOMAIN? LDAP searches vs. different RPC calls for domain and builtin groups I expect. Or simply a misplaced checked that verifies the domain SID. They may be some hoops you could jump though with the current idmap_rid module. I assume that it is just verifying that the SID you are resolving matches our own domain SID. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDFe6mIR7qMdg1EfYRAjpmAJ92MEIMNN1hLTptyC1AlFqfVfWlTACguqpd k+tp4X7z5r3+v7AaYpyqfA4= =sS0i -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
