valid users again

Jeremy Allison jra at
Sun Aug 6 19:12:04 GMT 2006

On Sun, Aug 06, 2006 at 01:49:53PM -0500, Gerald (Jerry) Carter wrote:
> Incorrect.  "valid users = %S" doesn't work on any domain
> member with winbindd regardless of "winbind trusted domains
> only".  If a local user exists that matches the domain username
> you will have this problem.  Remember that we know consider
> unqualified names in smb.conf as local names.  Domain users
> are still domain users even if mapped to an existing Unix
> account uid in this one case.

Ok, if there's already a case where "valid users = %S"
doesn't do the obvious thing then I withdraw my objection
to forcing an update to smb.conf. I was trying to follow
the principle of least suprises, but if this is already
broken then there's no benefit in adding an exception.

> Saying that "allow domain accounts on member servers
> running winbindd must be fully qualified" solves this
> in ever case.

Ok, I'm good with that.

> Despite my original patch, I feel really strongly that
> forcing an update to smb.conf is the correct decision here.

See above. I'm happy with your decision in this case.


More information about the samba-technical mailing list