Winbind issue after upgrading from 4.7.x to 4.8.x
Rowland Penny
rpenny at samba.org
Fri Aug 10 14:27:40 UTC 2018
On Fri, 10 Aug 2018 10:22:28 +0200
Miguel Sanders via samba-technical <samba-technical at lists.samba.org>
wrote:
> Hi
>
> It's a known bug apparently (#13503).
>
Yes, it might be, but it also says:
[quote]
getpwnam resolves local system accounts to AD accounts.
This is normally how the lookup is done:
getent passwd ADDOMAIN/alice
ADDOMAIN/alice:*:100000:100006::/home/ADDOMAIN/Domain Users/alice:/bin/false
This should not resolve to an AD user, unless 'winbind use default domain = yes' is set:
getent passwd alice
ADDOMAIN/alice:*:100000:100006::/home/ADDOMAIN/Domain Users/alice:/bin/false
[/quote]
I would love to see the smb.conf that allows the above.
From my investigations, there are several things wrong with it. One is
'ADDOMAIN/alice': to be correct on Unix, it should be 'ADDOMAIN\\alice'.
You would probably also need 'map untrusted to domain = yes' to stand
any chance of getting this to work, but I cannot. I cannot get any
variation of DOMAIN + separator + alice (with alice in /etc/passwd) to
give any output with 'getent passwd'.
As I have already told you, you should not have a user 'XYZ'
in /etc/passwd and a user 'XYZ' in AD; just make the AD user into a
Unix user. In fact, I cannot add a user to /etc/passwd if it already
exists in AD:
root@dc4:~# useradd -M -N rowland
useradd: user 'rowland' already exists
root@dc4:~# getent passwd rowland
SAMDOM\rowland:*:10000:10000::/home/rowland:/bin/bash
root@dc4:~# cat /etc/passwd | grep 'rowland'
root@dc4:~#
root@dc4:~#
Rowland
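
The following audit is an added example, not part of the original message and not Samba code: it lists account names that exist both in a local passwd file and among domain entries in passwd format, the duplicate-name situation the message advises against. The function names, file arguments and sample entries are constructed for illustration; the domain prefix is stripped at either `\` or `/`, the two separators that appear in the message.

```shell
#!/bin/sh
# find_name_collisions LOCAL_PASSWD DOMAIN_ENTRIES
# LOCAL_PASSWD:   file in /etc/passwd format (local accounts)
# DOMAIN_ENTRIES: passwd-format lines for domain accounts, e.g.
#                 SAMDOM\rowland:*:10000:10000::/home/rowland:/bin/bash
# Prints "short_name local_uid domain_name domain_uid" per collision.
find_name_collisions() {
    awk -F: '
        # First file: remember every local name (AD names are
        # case-insensitive, so compare in lower case).
        NR == FNR {
            if ($0 ~ /^#/ || $1 == "") next
            local_uid[tolower($1)] = $3
            next
        }
        # Second file: strip the DOMAIN\ or DOMAIN/ prefix and compare.
        {
            full = $1
            short = full
            sub(/^.*\\/, "", short)
            sub(/^.*\//, "", short)
            key = tolower(short)
            if (key in local_uid)
                printf "%s %s %s %s\n", short, local_uid[key], full, $3
        }
    ' "$1" "$2"
}

# Runs the check on constructed sample data (not taken from a real host).
demo_collisions() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
EOF
    cat > "$tmp/domain" <<'EOF'
SAMDOM\rowland:*:10000:10000::/home/rowland:/bin/bash
SAMDOM\Alice:*:10001:10000::/home/alice:/bin/bash
ADDOMAIN/backup:*:100002:100006::/home/ADDOMAIN/Domain Users/backup:/bin/false
EOF
    find_name_collisions "$tmp/passwd" "$tmp/domain"
    rm -rf "$tmp"
}
```

Every line reported is a name for which a bare `getent passwd NAME` could be answered by either source, so each one should be resolved by removing or renaming one of the two accounts.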