do not support winbind users or groups in smb.confi without seciftying a domain

Andrew Bartlett abartlet at
Sun Nov 30 10:49:03 GMT 2003

On Sun, 2003-11-30 at 15:04, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Andrew Bartlett wrote:
> > This is what has me confused about this issue - if we can't 
>  > tell that this is a winbind group, and if nsswitch is
>  > actually working correctly, how is a winbind group any different
>  > from a local unix group?
> > 
> > I understand this means we cannot apply any 'is winbind group'
> > optimisations, but other than that, what is is about these 
>  > groups that causes things to break?
> In theory you are correct but not in practice.  There are several
> hand tuned cases for winbindd in the smbd code.  I've had three
> or four bugs come up because of this.  The code doesn't work correctly 
> because no one ever ran the full series of tests.  And since the 
> original intent was to use 'winbind use default domain' for unix 
> services, i'm just suggesting that we stick with that plan.  It's no 
> help for smb.conf.

The only problem I can see is that we will be inconsistent between users
and groups.   I know you will really hate me now, but with 'winbind use
default domain', the 'users' part of the equation needs to *not* have
the domain prefix, while you propose that the groups must have it.

The thing is, we resolve all groups into a GID (this needs to be
optimised better for the winbind case) but we handle the users as a
string match.  This causes the 'REAM.FOO\user' v 'DOMAIN\user' bug. 
(where valid users gives us one, but the kerberos login gives the

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list