Q: winbindd, unqualfied users, & name conflicts (a.k.a "Death to
'winbind use default domain'!")
Gerald (Jerry) Carter
jerry at samba.org
Thu Jul 20 16:35:11 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Assume I have a member server named LINUX joined to a
domain name AD. Now assume I have a local user named foo
in my passdb and a user named foo in the domain as well.
I'm modifying winbindd_util.c:parse_domain_user() to do
a lookup_name() to try to figure out which domain to prepend
to the username rather than just assuming its a domain user.
But this means that we'll always choose the local user
(due to the order of an isolated search in lookup_name()).
The main problem is the use default domain abomination
will confuse local and domain users of the same name and
possibly return incorrect group membership.
I am about a 1/2 inch from marking the smb.conf option
as deprecated and adding similar option to pam_winbind.conf.
This option just cannot work reliably.
Do you have any suggestions?
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical