Variable Substitution for NT Domain

Jeremy Allison jeremy at
Wed Nov 22 22:18:49 GMT 2000

Jason Haar wrote:
> On Wed, Nov 22, 2000 at 11:59:30AM -0800, Jeremy Allison wrote:
> > > where %D is the NT Domain of the connecting user (I
> > > run samba in security=domain mode). Unfortunately,
> > > there doesn't seem to be a variable for NT
> > > Domain/Workgroup in the existing substitutions.
> >
> > This is a good idea. Try the following patch for 2.0.7 to add the
> > substitutions %D and %W to mean the same thing, the global
> > workgroup/domain the Samba server is in.
> This is great - can it be filled out a bit too? Namely I want to use the
> "add user script" to auto-create accounts - but they're multi-domain.
> Could Samba be smartened up to do user matches of:
> "unix user" == "domain + nt user"
> e.g.
> when DOM\jhaar connects, and Samba is a member server of DOM, then that
> should match Unix user "jhaar" (and if that doesn't exist, look for
> DOM-jhaar), but when DOM2\jhaar connects, then that should match Unix user
> "DOM2-jhaar" (or whatever separator is deemed appropriate). At the moment
> Samba is really only single-domain capable.

Herb just pointed out to me it's the domain of the *client*
that is required, not the server. This is available in 2.2 in
the userdom struct, available from the standard_sub_advanced()
call, but not available in 2.0 as it is not stored.

I'll modify the patch for 2.2 and HEAD to use %W for workgroup
of the server, and %D for domain of the client - does this make
sense ?


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list