wbinfo -i output domain realm vs. ntdomain before login

Rowland Penny rpenny at samba.org
Thu Apr 19 12:48:35 UTC 2018


On Thu, 19 Apr 2018 14:29:38 +0200
Andreas Schneider via samba-technical <samba-technical at lists.samba.org>
wrote:

> On Wednesday, 18 April 2018 18:31:01 CEST Heiner Lesaar via
> samba-technical wrote:
> > Dear all,
> > 
> > I have posted on samba at lists before and got a hint towards a change
> > of winbind behaviour since samba 4.7 from a kind subscriber, but
> > unfortunately the hint towards a change in group membership
> > calculation does not really (seem to) relate to my question.
> > 
> > I would like to be able to get a consistent result when running
> > wbinfo -i so that it does not differ between user creation and
> > after first login.
> > 
> > For reference, please see my original request below and thanks a
> > lot for your help and suggestions!
> > 
> > Heiner
> > 
> > 
> > On CentOs7 based linux w. different versions of Samba (4.6.x from
> > CentOS repos, but also Sernet-Samba-4.7.4 and also compiled from
> > source), "wbinfo -i user@domain.tld" returns different results
> > before the first successful authentication of the user.
> > 
> > Server joined as member to Active Directory, idmapping via tdb2 and
> > rid or ad - does not seem to make a difference.
> > 
> > On first attempt, the result returns "DOMAIN-REALM+Username", but
> > after 1st login it switches to "NTDOMAIN+Username" (which is also
> > the correct output). The tdb files also show the "wrong" info until
> > the login is done (according to tdbdump comparison). It does not
> > matter if the login happens on a client or like in my example
> > "locally" via smbclient.
> > 
> > 
> > See command output examples:
> > 
> > #########
> > 1st execution after user creation in AD:
> > 
> > # $ wbinfo -i newuser@test.intern
> > 
> > # TEST.INTERN+newuser:*:16777239:16777216::/home/TEST.INTERN/newuser:/bin/false
> > 
> > Authentication (e.g. here via smbclient):
> > 
> > # $ smbclient \\\\127.0.0.1\\sharename -U newuser@test.intern
> > 
> > Execution after 1st login:
> > 
> > # $ wbinfo -i newuser@test.intern
> > 
> > # TEST+newuser:*:16777239:16777216::/home/TEST/newuser:/bin/false
> > 
> > #########
> > 
> > We use the command output to create database entries in an in-house
> > developed database / application to centrally manage client logins
> > from various operating systems.
> > 
> > My questions are:
> > 
> > 1) Is this expected behaviour or is it influenced by some smb.conf
> > or krb5.conf option that we are not aware of?
> > 
> > 2) Is there a way to query the domain "prefix" of a user which will
> > not change depending on the fact if the user has ever tried to
> > login to the server or not?
> > Does it maybe depend on some command line option?
> > 
> > FYI: getent passwd shows the same behaviour.
> > 
> > 
> > 
> > Thank you very much for your help and assistance!
> 
> This sounds like https://bugzilla.samba.org/show_bug.cgi?id=13369
> 

It also does the same if you only use the username:

rowland at devstation:~$ wbinfo -i unix1
SAMDOM.EXAMPLE.COM\unix1:*:10024:10000::/home/unix1:/bin/bash

Rowland
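
Added example, not part of the thread and not Samba code: a small parser for the passwd-style lines quoted above, used to compare the output before and after the first login and report which fields differ. The function names, the separator set (`+` and `\`, the two seen in the thread) and the "contains a dot" heuristic for a realm-style prefix are assumptions made for this illustration.

```python
from dataclasses import dataclass, fields

# Separators seen in the thread's output; assumption: no other one is configured.
SEPARATORS = "+\\"

# Output lines copied from the messages above.
BEFORE_LOGIN = "TEST.INTERN+newuser:*:16777239:16777216::/home/TEST.INTERN/newuser:/bin/false"
AFTER_LOGIN = "TEST+newuser:*:16777239:16777216::/home/TEST/newuser:/bin/false"
USERNAME_ONLY = "SAMDOM.EXAMPLE.COM\\unix1:*:10024:10000::/home/unix1:/bin/bash"


@dataclass(frozen=True)
class WbEntry:
    domain: str
    user: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_wbinfo_line(line):
    """Split one passwd-style line into its fields and the domain prefix."""
    parts = line.strip().split(":")
    if len(parts) != 7:
        raise ValueError(f"expected 7 colon-separated fields, got {len(parts)}")
    name, _pw, uid, gid, _gecos, home, shell = parts
    for i, ch in enumerate(name):
        if ch in SEPARATORS:
            domain, user = name[:i], name[i + 1:]
            break
    else:
        domain, user = "", name  # no prefix present
    return WbEntry(domain, user, int(uid), int(gid), home, shell)


def looks_like_realm(domain):
    """Heuristic (assumption): a dotted prefix is the DNS realm form."""
    return "." in domain


def changed_fields(before, after):
    """Names of the fields whose values differ between two entries."""
    return sorted(f.name for f in fields(before)
                  if getattr(before, f.name) != getattr(after, f.name))


if __name__ == "__main__":
    b, a = parse_wbinfo_line(BEFORE_LOGIN), parse_wbinfo_line(AFTER_LOGIN)
    print("changed:", changed_fields(b, a), "| realm-style before:", looks_like_realm(b.domain))
```

For the two lines Heiner quoted, only the domain prefix and the home directory differ; uid, gid, user name and shell are identical.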



