Samba package 4.9.x samba smbd not playing with winbind.

Andreas Hasenack andreas at canonical.com
Fri Nov 30 17:04:07 UTC 2018 

On Tue, Sep 25, 2018 at 11:20 AM Alexander Bokovoy via samba-technical
<samba-technical at lists.samba.org> wrote:
>
> On ti, 25 syys 2018, L.P.H. van Belle via samba-technical wrote:
> > @Rowland
> > Now reboot your server.
> > And smbd isnt started anymore at boot.
> > Dont get fooled that it started before..
> >
> >
> > @Alexander
> > Now small comment on :
> > > With 4.9.0 we expanded guest handling to differentiate between anonymous and guest sessions.
> > > This required a proper handling of BUILTIN\Guests and thus is now forces to be able
> > > to have either writable backend or aliases configured properly.
> > >
> > Yes, that is known.
> >
> > And sorry, but in my opinion this is not handled properly.
> >
> > A "stand alone" setup does not require BUILTIN\Guests maybe COMPUTERNAME\Guests
> > S-1-5-32-546 != SID: S-1-5-21domain-514
> > Guests                        Domain Guests
> All is needed is BUILTIN\Guests, not Domain Guests.
>
> See e8dc55d2b969 and https://bugzilla.samba.org/show_bug.cgi?id=13328
>
> > > Question is mostly what defaults we should have for BUILTIN\Guests.
> > > Perhaps, we should always do the groupmap rule I added...
> > >
> >
> > Well, i just follow you Samba Devs.
> This is was a question 'into an air' to trigger Metze's answer. ;)
>
> > Im just an it guy and i can't programm what your guys do..  Respect for that!
> >
> > For now, i keep it simple an in sight for me in my smb.conf and i set the 2 : idmap *  lines.
> > I can add that simple in the smb.conf of my debian install, but its not nice. :-/
> An issue I see is that, unlike 'net groupmap add ..' variant, we cannot
> really default to a working default idmap configuration without knowning
> in advance what ID range to use there.

Why does it matter to smbd if winbind is running or not in a
standalone-server config?  In both scenarios it is started with the
same standalone-server config. How does it solve the problem of not
having a group mapping from BUILTIN\Guests to some local group when
winbind isn't running?

More information about the samba-technical mailing list