lib/param: change the default for "winbind expand groups" to "0"
author Stefan Metzmacher <metze@samba.org>
Thu, 24 Jul 2014 07:12:14 +0000 (09:12 +0200)
committer Stefan Metzmacher <metze@samba.org>
Thu, 31 Jul 2014 16:48:36 +0000 (18:48 +0200)
commit 98426ad467fa64975bd9e6aa32530a2dde719035
tree fadeb0934a49bdd73ae2c01d1e99f722166933e1
parent 85a03c88446500609f6f2e8680bf940a7811e593
lib/param: change the default for "winbind expand groups" to "0"

Expanding groups requires the usage of SAMR, which is often not possible
with the trust account credentials. This has caused a lot of trouble
in the past, as this is the only operation which requires a member to
contact a dc of a trusted domain directly, which is not always possible.
With this changed default, it should only be required to contact
a dc of our own domain. This is the correct behavior for a domain member.

As expanding groups is mostly cosmetic, we should avoid it.
This is similar to "winbind enum users" and "winbind enum groups",
which are also off by default.

Only some broken applications calculate the group memberships of
users by traversing groups; such applications will require
"winbind expand groups = 1".

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Björn Jacke <bj@sernet.de>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 31 18:48:36 CEST 2014 on sn-devel-104
docs-xml/smbdotconf/winbind/winbindexpandgroups.xml
lib/param/loadparm.c
source3/param/loadparm.c