Q: winbindd, unqualfied users, & name conflicts (a.k.a "Death to 'winbind use default domain'!")

Gerald (Jerry) Carter jerry at samba.org
Thu Jul 20 16:35:11 GMT 2006

Hash: SHA1


Assume I have a member server named LINUX joined to a
domain name AD.  Now assume I have a local user named foo
in my passdb and a user named foo in the domain as well.
I'm modifying winbindd_util.c:parse_domain_user() to do
a lookup_name() to try to figure out which domain to prepend
to the username rather than just assuming its a domain user.
But this means that we'll always choose the local user
(due to the order of an isolated search in lookup_name()).

The main problem is the use default domain abomination
will confuse local and domain users of the same name and
possibly return incorrect group membership.

I am about a 1/2 inch from marking the smb.conf option
as deprecated and adding similar option to pam_winbind.conf.
This option just cannot work reliably.

Do you have any suggestions?

cheers, jerry
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org


More information about the samba-technical mailing list