wbinfo -i output domain realm vs. ntdomain before login
heiner.lesaar at googlemail.com
Thu Apr 19 12:23:25 UTC 2018
Thanks a lot, Rowland!
I didn´t check who was replying - apologies for the "kind subscriber"
comment - at least I used "kind" ;)
To answer your question, we are connecting from various clients (Win7,
Win10, OSX) and see this behaviour on several machines (not just one
particular) and it is reproducible.
The smb.conf file:
server string=EXAMPLE SMB
max log size=5000
map to guest=bad user
enable core files=no
nt acl support=no
aio read size=1
aio write size=1
map read only=no
hide dot files=yes
idmap config * : range=16777216-33554431
idmap config * : backend=tdb2
idmap config NTDOMAIN : range=43554431-56666666
idmap config NTDOMAIN : backend=rid
winbind offline logon=false
winbind enum users=yes
winbind enum groups=yes
winbind use default domain=no
winbind nested groups=yes
winbind refresh tickets=yes
winbind expand groups=1
auth methods=sam winbind
Thank you very much for your help and assistance! This behaviour is driving
us mad already for a couple of weeks :D
---------- Weitergeleitete Nachricht ----------
From: Rowland Penny <rpenny at samba.org>
To: samba-technical at lists.samba.org
Date: Wed, 18 Apr 2018 17:51:21 +0100
Subject: Re: wbinfo -i output domain realm vs. ntdomain before login
On Wed, 18 Apr 2018 18:31:01 +0200
Heiner Lesaar via samba-technical <samba-technical at lists.samba.org>
> Dear all,
> I have posted on samba at lists before and got a hint towards a change of
> winbind behaviour since samba 4.7 from a kind subscriber,
I am a bit more than a subscriber ;-)
But what I said, as far as group membership is concerned, is correct.
> unfortunately the hint towards a change in group membership
> calculation does not really (seem to) relate to my question.
> I would like to be able to get a consistent result when running
> wbinfo -i so that it does not differ between user creation and after
> first login.
> For reference, please see my original request below and thanks a lot
> for your help and suggestions!
> On CentOs7 based linux w. different versions of Samba (4.6.x from
> CentOS repos, but also Sernet-Samba-4.7.4 and also compiled from
> source), "wbinfo -i user at domain.tld" returns different results before
> the first successful authentication of the user.
> Server joined as member to Active Directory, idmapping via tdb2 and
> rid or ad - does not seem to make a difference.
> On first attempt, the result returns "DOMAIN-REALM+Username", but
> after 1st login it switches to "NTDOMAIN+Username"
Now this is the strange part, I never see this, what are you connecting
from and if it is a Unix machine, can we see your smb.conf.
More information about the samba-technical