mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
2c50bdfed0
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jim McDonough <jmcd@samba.org> Autobuild-User(master): Jim McDonough <jmcd@samba.org> Autobuild-Date(master): Fri Sep 29 22:37:08 CEST 2017 on sn-devel-144
36 lines
1.6 KiB
XML
36 lines
1.6 KiB
XML
<samba:parameter name="winbind expand groups"
|
|
context="G"
|
|
type="integer"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This option controls the maximum depth that winbindd
|
|
will traverse when flattening nested group memberships
|
|
of Windows domain groups. This is different from the
|
|
<smbconfoption name="winbind nested groups"/> option
|
|
which implements the Windows NT4 model of local group
|
|
nesting. The "winbind expand groups"
|
|
parameter specifically applies to the membership of
|
|
domain groups.</para>
|
|
|
|
<para>This option also affects the return of non nested
|
|
group memberships of Windows domain users. With the
|
|
new default "winbind expand groups = 0" winbind does
|
|
not query group memberships at all.</para>
|
|
|
|
<para>Be aware that a high value for this parameter can
|
|
result in system slowdown as the main parent winbindd daemon
|
|
must perform the group unrolling and will be unable to answer
|
|
incoming NSS or authentication requests during this time.</para>
|
|
|
|
<para>The default value was changed from 1 to 0 with Samba 4.2.
|
|
Some broken applications (including some implementations of
|
|
newgrp and sg) calculate the group memberships of
|
|
users by traversing groups, such applications will require
|
|
"winbind expand groups = 1". But the new default makes winbindd
|
|
more reliable as it doesn't require SAMR access to domain
|
|
controllers of trusted domains.</para>
|
|
</description>
|
|
|
|
<value type="default">0</value>
|
|
</samba:parameter>
|