Spaces in groupname and winbind

Tue Mar 19 16:32:54 GMT 2002

2.2.3a on Solaris 8 --with-pam & --with-winbind of course...

On Tue, 2002-03-19 at 16:47, MCCALL,DON (HP-USA,ex1) wrote:
> Hi Matt - this looks familiar.
> What version of samba are you using?
> 
> -----Original Message-----
> From: Matt Pavlovich [mailto:mpav at algx.net]
> Sent: Tuesday, March 19, 2002 5:02 PM
> To: MCCALL,DON (HP-USA,ex1)
> Subject: RE: Spaces in groupname and winbind
> 
> 
> Don-
> 
> Any ideas on the return of groups?  
> 
> Got another one--
> 
> getent passwd returns weirdness:
> # getent passwd | grep mpav
> mpav:x:1001:10::/export/home/mpav:/usr/bin/bash
> ATI_DOM+mpavlovi:x,mpavlovi:10000:10000:Pavlovich, Matthew
> R.:/export/home/samba/ATI_DOM/mpavlovi:/bin/false
> 
> mpav is a local unix account w/ /etc/passwd entries.. ATI_DOM+mpavlovi
> is the NT domain account.. look at the password filed: "x,mpavlovi".  I
> am having problems authenticating to the server... is this an issue?
> 
> Thanks,
> Matt Pavlovich
> 
> On Mon, 2002-03-18 at 15:15, MCCALL,DON (HP-USA,ex1) wrote:
> > Hi Matt,
> > Do you have a LARGE user and/or group base in the NT domain you are
> querying
> > against?  
> > Does getent group ALWAYS return the same subset of groups, or does the
> > output differ each time you do it?
> > Is there anything outstandingly different between the groups that show up
> > with getent group and the ones that don't (but do with wbinfo -g)?
> > Don
> > 
> > -----Original Message-----
> > From: Matt Pavlovich [mailto:mpav at algx.net]
> > Sent: Monday, March 18, 2002 11:03 AM
> > To: MCCALL,DON (HP-USA,ex1)
> > Cc: samba-technical at lists.samba.org
> > Subject: RE: Spaces in groupname and winbind
> > 
> > 
> > Don-
> > 
> > Thanks for the clarification.  That seems to work.  My only problem now
> > is that only a few groups are being returned w/ 'getent group'.  I can
> > get a full list of groups by doing a wbinfo -g, but not through the name
> > service.  Anything that does a group ID -> group Name mapping, like
> > "ls", etc, are severely slowed down, and remote authentication isn't
> > working in some cases.  Presumably due to the inability to map 'valid
> > users = @GROUPNAME' b/c the groupname isn't coming through getgrp().
> > 
> > Anyone else see this on Solaris 8?
> > 
> > Matt Pavlovich
> > 
> > On Fri, 2002-03-15 at 14:52, MCCALL,DON (HP-USA,ex1) wrote:
> > > Sorry Matt (inherent danger of cutting and pasting from someone elses
> > > message - Lin Li, in this case, who was using the domain separator "\"),
> > > use the domain separator you have defined in your smb.conf
> > > file.
> > > Don
> > > 
> > > -----Original Message-----
> > > From: Matt Pavlovich [mailto:mpav at algx.net]
> > > Sent: Friday, March 15, 2002 3:30 PM
> > > To: MCCALL,DON (HP-USA,ex1)
> > > Cc: samba-technical at lists.samba.org
> > > Subject: RE: Spaces in groupname and winbind
> > > 
> > > 
> > > Don-
> > > 
> > > Would I use "\" or the domain separator, in my case "+"?  I see winbind
> > > does a translation at one point.. but I do not know the order of
> > > operation.
> > > 
> > > Matt Pavlovich
> > > 
> > > On Fri, 2002-03-15 at 14:26, MCCALL,DON (HP-USA,ex1) wrote:
> > > > Hi Matt,
> > > > I haven't tried this myself, but someone else on the list swears that
> > this
> > > > will work:
> > > > quote:
> > > > 
> > > > I just find use valid users = ' @"DOMAIN\Domain Users" ' will work.
> > > > endquote.
> > > > 
> > > > Hope this helps,
> > > > Don
> > > > 
> > > > -----Original Message-----
> > > > From: Matt Pavlovich [mailto:mpav at algx.net]
> > > > Sent: Friday, March 15, 2002 3:09 PM
> > > > To: samba-technical at lists.samba.org
> > > > Subject: Spaces in groupname and winbind
> > > > 
> > > > 
> > > > When trying to limit access to a share with the parameter:
> > > > valid users= @DOMAIN+group name, winbind has problems parsing that
> name.
> > > > 
> > > > Is the group is "Ras Users" --
> > > > 
> > > > log.winbind 
> > > > [2002/03/15 14:04:50, 5] rpc_parse/parse_prs.c:dbg_rw_punival(730)
> > > >           0030 buffer     :  . at .D.O.M.A.I.N.\.R.a.s.
> > > > 
> > > > I also tried the suggested fix of:
> > > > 
> > > > valid users= " "@DOMAIN+Group name" "
> > > > 
> > > > What would be the valid syntax to escape the space with winbind?
> > > > 
> > > > Matt Pavlovich
> > > 
> > 
>