winbind separator ignored in smb.conf
Mike Papper
mike at digitalpipe.net
Wed Oct 24 20:06:01 GMT 2001
So, I tried:
winbind separator = \\
winbind separator = "\\"
winbind separator = "\"
winbind separator = '\\'
winbind separator = '\'
winbind separator = \\
with a blank line aftert the \\
and also
winbind separator = \
with a blank line after.
None work.
Why I would want this: I parse the set of usernames returned from the
getgrent and getpwnam C calls and add the names to a database. The database
is best if it reflects the actual string value that matches the users domain
+ name exactly (there is a case sensitivity issue here, which I'll deal with
later).
I have users log in to the system via web page using the mod_ntlm apache
plug-in (so they dont really login, just their username is taken from their
windows login if theyre using IE). This sets an environment variable that I
can use in PHP to "query" the database about a particular user.
To make things easy? I try to keep the format of the name consistent so that
it "looks" correct to the user - if we shoud ever happen to print out a users
name in a web page (which we do).
P.S. thanks for the replies.
Mike Papper
On Wednesday 24 October 2001 12:33 pm, you wrote:
> I agree that the '+' sign is pretty reasonable. It's what I use here.
> There is mention of the back-slash in the doc's however. This is probably
> what leads people to try it. (The "'s are what gets the \'s to work as a
> separator in the conf file because it is the escape-key in shell). I agree
> with Andrew that it probably isn't a good idea to use '\''s.
>
> I _can_ specify
>
> winbind separator = \\
>
> as my separator though,
>
> ...if I have a comment after that line
> ;-> I get _really_ funky names though
>
> If I specify
>
> winbind separator = "\\" it works much better but might still cause shell
> confusion... (I wouldn't want to bet on it being benign)
>
> But.... it didn't default back to '+' when I tried either experiment. I
> still wonder if the separator specification is even making it to samba.
>
> On 24-Oct-2001 Esh, Andrew wrote:
> > Winbindd is probably reading that option and not getting a reasonable
> > result, so it goes back to the default value, which is "+".
> >
> > You wouldn't want to use that for a separator anyway. In a shell, that's
> > an escaped blackslash. The separator is not the one used by the Windows
> > clients; they still use '\'. The separator is what Unix users will have
> > to type in order to refer to a Windows domain user. Using a plus sign as
> > a separator, and being in a domain called "foo", the user named "bar"
> > would have to log into Unix with the user name "foo+bar", and their files
> > would show up as being owned by a user by the same name. In Windows, this
> > person would mount the Samba share by logging in as "foo\bar", or "bar"
> > if they are in the same domain.
> >
> > Unless your Windows users are logging in and using Unix directly, they
> > will never see the separator. If they are, then the plus sign is a lot
> > less troublesome than escaped slashes. I'd strip out that separator
> > setting you are trying to use, and work with what you have.
> >
> > Of course if you still have a burning desire to use a backslash, let's
> > hear about it.
> >
> > BTW: If you see domain extended user names in the getent passwd output,
> > then you ARE running winbindd and it's working correctly. That's the last
> > test in my winbindd testing recipe, and you passed.
> >
> > -----Original Message-----
> > From: jtrostel at snapserver.com [mailto:jtrostel at snapserver.com]
> > Sent: Wednesday, October 24, 2001 1:25 PM
> > To: Mike Papper
> > Cc: samba at lists.samba.org; samba-technical at samba.org
> > Subject: Re: winbind separator ignored in smb.conf
> >
> >
> > hmmm.... also check to make sure you really are running the winbindd you
> > think
> > you are and the smb.conf file you think you are. (Is it a /etc/smb.conf
> > vs. /usr/local/samba/lib/smb.conf file thing?)
> >
> > On 24-Oct-2001 Mike Papper wrote:
> >> This line in my smb.conf seems tobe ignored:
> >>
> >> winbind separator = \\
> >>
> >> doing a "getent passwd" always returns domain separated using "+".
> >>
> >> any ideas?
> >>
> >> --
> >> Mike Papper
> >> Digital Pipe
> >> mike at digitalpipe.net
> >> 650-627-5100 ext. 5211
> >
> > --
> > John M. Trostel
> > Senior Software Engineer
> > Quantum Corp. / NASD
> > jtrostel at snapserver.com
--
Mike Papper
Digital Pipe
mike at digitalpipe.net
650-627-5100 ext. 5211
More information about the samba-technical
mailing list