do not support winbind users or groups in
smb.confi without seciftying a domain
Gerald (Jerry) Carter
jerry at samba.org
Sun Nov 30 13:57:17 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew Bartlett wrote:
| The only problem I can see is that we will be
| inconsistent between users and groups. I know you will really
| hate me now, but with 'winbind use default domain', the 'users'
| part of the equation needs to *not* have the domain prefix,
| while you propose that the groups must have it.
not true. I've run the tests and made sure we always pass in
DOMAIN\user to user_in_list(). The only place that we should
deal with a stripped user name is in winbindd_pam_auth[_crap]().
| The thing is, we resolve all groups into a GID (this needs to be
| optimised better for the winbind case) but we handle the users as a
| string match. This causes the 'REAM.FOO\user' v 'DOMAIN\user' bug.
| (where valid users gives us one, but the kerberos login gives the
| other).
Right, but we don't have that now and will not have it for 3.0.1
- --
jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/yfc9IR7qMdg1EfYRAlmBAJ9C1n0NK574JqUNOS9MaHXoPzGlpgCgngYy
CJJE5dFXEShQpIQTNUTIaAQ=
=3hrs
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list