valid users again
jra at samba.org
Sun Aug 6 19:12:04 GMT 2006
On Sun, Aug 06, 2006 at 01:49:53PM -0500, Gerald (Jerry) Carter wrote:
> Incorrect. "valid users = %S" doesn't work on any domain
> member with winbindd regardless of "winbind trusted domains
> only". If a local user exists that matches the domain username
> you will have this problem. Remember that we know consider
> unqualified names in smb.conf as local names. Domain users
> are still domain users even if mapped to an existing Unix
> account uid in this one case.
Ok, if there's already a case where "valid users = %S"
doesn't do the obvious thing then I withdraw my objection
to forcing an update to smb.conf. I was trying to follow
the principle of least suprises, but if this is already
broken then there's no benefit in adding an exception.
> Saying that "allow domain accounts on member servers
> running winbindd must be fully qualified" solves this
> in ever case.
Ok, I'm good with that.
> Despite my original patch, I feel really strongly that
> forcing an update to smb.conf is the correct decision here.
See above. I'm happy with your decision in this case.
More information about the samba-technical