Q: winbindd, unqualified users, & name conflicts (a.k.a "Death to 'winbind use default domain'!")

Gerald (Jerry) Carter jerry at samba.org
Thu Jul 20 16:35:11 GMT 2006


Volker,

Assume I have a member server named LINUX joined to a
domain named AD.  Now assume I have a local user named foo
in my passdb and a user named foo in the domain as well.
I'm modifying winbindd_util.c:parse_domain_user() to do
a lookup_name() to try to figure out which domain to prepend
to the username rather than just assuming it's a domain user.
But this means that we'll always choose the local user
(due to the order of an isolated search in lookup_name()).

The main problem is the use default domain abomination
will confuse local and domain users of the same name and
possibly return incorrect group membership.

I am about a 1/2 inch from marking the smb.conf option
as deprecated and adding a similar option to pam_winbind.conf.
This option just cannot work reliably.

Do you have any suggestions?





cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
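
A check an administrator could run for the name collision described in the message above, as an added example that is not part of the original post or of Samba's code: it reports account names present both in a local account list and in the domain user list. The input formats (a colon-delimited local list such as `pdbedit -L` prints, and one name per line as `wbinfo -u` prints), the function names and the file names are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: find account names that exist both locally and in the domain,
# i.e. the names that become ambiguous once the domain prefix is dropped.

# find_collisions LOCAL_LIST DOMAIN_LIST
#   LOCAL_LIST  : colon-delimited file, account name in field 1
#   DOMAIN_LIST : one name per line, optionally qualified as DOMAIN\user
# Prints each colliding short name, lower-cased and sorted, one per line.
find_collisions() {
    awk -F: '
        # First file: remember local names, compared case-insensitively.
        FILENAME == ARGV[1] { if ($1 != "") loc[tolower($1)] = 1; next }
        {
            name = $0
            sub(/\r$/, "", name)      # tolerate CRLF input
            sub(/^.*\\/, "", name)    # drop a leading DOMAIN\ qualifier
            name = tolower(name)
            if (name != "" && (name in loc) && !(name in seen)) {
                seen[name] = 1
                print name
            }
        }
    ' "$1" "$2" | sort
}

# Constructed sample data (not taken from a real system).
write_samples() {
    printf '%s\n' 'root:0:root' 'foo:1001:Local Foo' 'backup:1002:' \
        > "$1/local.txt"
    printf '%s\n' 'AD\Administrator' 'AD\Foo' 'AD\bar' 'AD\BACKUP' \
        > "$1/domain.txt"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "Names that are ambiguous without a domain qualifier:"
find_collisions "$tmp/local.txt" "$tmp/domain.txt"
rm -rf "$tmp"
```

Any name it prints is one where an unqualified lookup cannot tell the local account from the domain account.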