Q: winbindd, unqualfied users, & name conflicts (a.k.a "Death
to 'winbind use default domain'!")
Gerald (Jerry) Carter
jerry at samba.org
Thu Jul 20 17:37:10 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
>> I am about a 1/2 inch from marking the smb.conf option
>> as deprecated and adding similar option to pam_winbind.conf.
>> This option just cannot work reliably.
>> Do you have any suggestions?
> I would just document that local users will
> always take precendence.
> Winbind use default domain is too valuable to
> be removed imho.
First assigning the wrong groups to a user is a security
issue. Second, I said pull 'winbind use default domain'
from the server code and put it in the client code.
The fact is that this parameter is fundamentally broken.
It cannot actually work correctly. At some point (probably
for 3.0.24) we will have to break it and move it to the
client. There is no way around it.
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical