do not support winbind users or groups in smb.confi
without seciftying a domain
abartlet at samba.org
Sun Nov 30 10:49:03 GMT 2003
On Sun, 2003-11-30 at 15:04, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Andrew Bartlett wrote:
> > This is what has me confused about this issue - if we can't
> > tell that this is a winbind group, and if nsswitch is
> > actually working correctly, how is a winbind group any different
> > from a local unix group?
> > I understand this means we cannot apply any 'is winbind group'
> > optimisations, but other than that, what is is about these
> > groups that causes things to break?
> In theory you are correct but not in practice. There are several
> hand tuned cases for winbindd in the smbd code. I've had three
> or four bugs come up because of this. The code doesn't work correctly
> because no one ever ran the full series of tests. And since the
> original intent was to use 'winbind use default domain' for unix
> services, i'm just suggesting that we stick with that plan. It's no
> help for smb.conf.
The only problem I can see is that we will be inconsistent between users
and groups. I know you will really hate me now, but with 'winbind use
default domain', the 'users' part of the equation needs to *not* have
the domain prefix, while you propose that the groups must have it.
The thing is, we resolve all groups into a GID (this needs to be
optimised better for the winbind case) but we handle the users as a
string match. This causes the 'REAM.FOO\user' v 'DOMAIN\user' bug.
(where valid users gives us one, but the kerberos login gives the
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031130/0a953d35/attachment.bin
More information about the samba-technical