[Samba] Winbind strip domain from username?

Gémes Géza geza at kzsdabas.hu
Tue Apr 16 14:24:22 MDT 2013


On 2013-04-16 12:33, Luc Lalonde wrote:
> Hello Geza,
>
> Here's my 'smb.conf':
>
> [global]
> 	workgroup = FOO
> 	realm = foo.example.com
> 	netbios name = ROQUEFORT
> 	server role = active directory domain controller
> 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
> 	idmap config * : range = 16777216-33554431
> 	template shell = /bin/bash
> 	winbind offline logon = false
> 	winbind enum users = yes
> 	winbind enum groups = yes
> 	obey pam restrictions = yes
> 	template homedir = /usagers/%U
> 	winbind use default domain = yes
> 	map untrusted to domain = no
>
>
> [netlogon]
> 	path = /usr/local/samba/var/locks/sysvol/foo.example.com/scripts
> 	read only = No
>
> [sysvol]
> 	path = /usr/local/samba/var/locks/sysvol
> 	read only = No
>
> Thanks for your help!
>
> Cheers!
>
> On 2013-04-16, at 12:09 AM, Gémes Géza <geza at kzsdabas.hu> wrote:
>
>> On 2013-04-15 23:12, Luc Lalonde wrote:
>>> Hello Folks,
>>>
>>> This directive works with Samba3 but does not seem to work with Samba-4.0.5:
>>>
>>> winbind use default domain = Yes
>>>
>>> I want to get a username that does not contain the domain (GIGL).  Instead here's what I get:
>>>
>>> [root@roquefort ~]# getent passwd | grep GIGL
>>> GIGL\Administrator:*:0:100::/usagers/%U:/bin/bash
>>> GIGL\Guest:*:3000002:3000003::/usagers/%U:/bin/bash
>>> GIGL\krbtgt:*:3000007:100::/usagers/%U:/bin/bash
>>> GIGL\dns-stilton:*:3000008:100::/usagers/%U:/bin/bash
>>> GIGL\testuser:*:3000009:100::/usagers/%U:/bin/bash
>>> GIGL\llalonde:*:3000010:100::/usagers/%U:/bin/bash
>>>
>>> How do I remove the 'GIGL\' from the username?  This is causing me problems mounting the user's home directory at logon with 'PAM_MOUNT'
>>>
>>> What am I missing?
>>>
>>> Thank You!
>>>
>> Please attach your smb.conf.
>>
>> Regards
>>
>> Geza Gemes
So it is your AD DC then (server role = active directory domain
controller). Unfortunately, in that role Samba uses the winbind bundled
into the samba binary, which has many deficiencies compared to the
standalone winbind binary (but which cannot be run on a DC).

Regards

Geza Gemes
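
A check for the two symptoms visible in the getent output quoted in this thread (the DOMAIN\ prefix on login names and the literal %U left in the home directory field), added here as an example and not part of the original messages. The function names and the jdoe line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format lines, as printed by `getent passwd`,
# for the two symptoms shown in the thread. Not code from the Samba project.

# Sample input: three lines copied from the thread's getent output, plus one
# constructed line (jdoe) showing what a correctly resolved entry looks like.
sample_passwd() {
cat <<'EOF'
GIGL\Administrator:*:0:100::/usagers/%U:/bin/bash
GIGL\testuser:*:3000009:100::/usagers/%U:/bin/bash
GIGL\llalonde:*:3000010:100::/usagers/%U:/bin/bash
jdoe:*:3000011:100::/usagers/jdoe:/bin/bash
EOF
}

# Read passwd lines on stdin and print one line per problem entry:
#   <short name>: <flags>
# Entries with no problem print nothing.
audit_passwd() {
    awk -F: '
    {
        name = $1; home = $6; flags = ""
        # A backslash in the login name means the domain was not stripped,
        # so tools keyed on the short name (pam_mount here) see DOMAIN\user.
        cut = index(name, "\\")
        if (cut > 0) {
            flags = flags " domain-prefix=" substr(name, 1, cut - 1)
            name = substr(name, cut + 1)
        }
        # A leftover %X in the home field means the "template homedir"
        # macro was passed through without being expanded.
        if (home ~ /%[A-Za-z]/)
            flags = flags " unexpanded-home=" home
        if (flags != "")
            print name ":" flags
    }'
}

# Stand-alone run over the sample; on a live host use:
#   getent passwd | audit_passwd
sample_passwd | audit_passwd
```
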

