wbinfo -i output domain realm vs. ntdomain before login
Heiner Lesaar
heiner.lesaar at googlemail.com
Thu Apr 19 12:23:25 UTC 2018
Thanks a lot, Rowland!
I didn't check who was replying - apologies for the "kind subscriber"
comment - at least I used "kind" ;)
To answer your question, we are connecting from various clients (Win7,
Win10, OSX) and see this behaviour on several machines (not just one
particular) and it is reproducible.
The smb.conf file:
#####
[global]
log level=7
realm=DOMAIN.INTERN
netbios name=EXAMPLE
workgroup=ELEMENTS
server string=EXAMPLE SMB
log file=/var/log/samba/log.%m
max log size=5000
security=ads
passdb backend=tdbsam
load printers=no
printing=bsd
printcap name=/dev/null
map to guest=bad user
enable core files=no
server signing=disabled
client signing=disabled
nt acl support=no
max xmit=1048576
block size=4096
aio read size=1
aio write size=1
map system=no
map archive=no
map read only=no
dns proxy=no
wins proxy=no
hide dot files=yes
ntlm auth=yes
idmap config * : range=16777216-33554431
idmap config * : backend=tdb2
idmap config NTDOMAIN : range=43554431-56666666
idmap config NTDOMAIN : backend=rid
winbind offline logon=false
winbind separator=+
winbind enum users=yes
winbind enum groups=yes
winbind use default domain=no
winbind nested groups=yes
winbind refresh tickets=yes
winbind expand groups=1
auth methods=sam winbind
[benchmark]
comment=
path=/data/snfs1/benchmark
guest ok=yes
browseable=yes
create mask=0777
directory mask=0777
read only=no
follow symlinks=yes
wide links=no
###
####################################
Thank you very much for your help and assistance! This behaviour has been
driving us mad for a couple of weeks already :D
Many regards,
Heiner
---------- Forwarded message ----------
From: Rowland Penny <rpenny at samba.org>
To: samba-technical at lists.samba.org
Cc:
Bcc:
Date: Wed, 18 Apr 2018 17:51:21 +0100
Subject: Re: wbinfo -i output domain realm vs. ntdomain before login
On Wed, 18 Apr 2018 18:31:01 +0200
Heiner Lesaar via samba-technical <samba-technical at lists.samba.org>
wrote:
> Dear all,
>
> I have posted on samba at lists before and got a hint towards a change of
> winbind behaviour since samba 4.7 from a kind subscriber,
I am a bit more than a subscriber ;-)
But what I said, as far as group membership is concerned, is correct.
> but
> unfortunately the hint towards a change in group membership
> calculation does not really (seem to) relate to my question.
>
> I would like to be able to get a consistent result when running
> wbinfo -i so that it does not differ between user creation and after
> first login.
>
> For reference, please see my original request below and thanks a lot
> for your help and suggestions!
>
> Heiner
>
>
> On CentOS 7 based Linux with different versions of Samba (4.6.x from
> CentOS repos, but also Sernet-Samba-4.7.4 and also compiled from
> source), "wbinfo -i user at domain.tld" returns different results before
> the first successful authentication of the user.
>
> Server joined as member to Active Directory, idmapping via tdb2 and
> rid or ad - does not seem to make a difference.
>
> On first attempt, the result returns "DOMAIN-REALM+Username", but
> after 1st login it switches to "NTDOMAIN+Username"
Now this is the strange part, I never see this. What are you connecting
from, and if it is a Unix machine, can we see your smb.conf?
Rowland