# winbind separator ignored in smb.conf

jtrostel at snapserver.com jtrostel at snapserver.com
Wed Oct 24 12:34:25 GMT 2001

I agree that the '+' sign is pretty reasonable.  It's what I use here.  There
is mention of the back-slash in the doc's however.  This is probably what leads
people to try it.  (The "'s are what gets the \'s to work as a separator in the
conf file because it is the escape-key in shell).  I agree with Andrew that it
probably isn't a good idea to use '\''s.

I _can_ specify

winbind separator = \\

as my separator though,

...if I have a comment after that line
;-> I get _really_ funky names though

If I specify

winbind separator = "\\" it works much better but might still cause shell
confusion... (I wouldn't want to bet on it being benign)

But.... it didn't default back to '+' when I tried either experiment. I still
wonder if the separator specification is even making it to samba.

On 24-Oct-2001 Esh, Andrew wrote:
> Winbindd is probably reading that option and not getting a reasonable
> result, so it goes back to the default value, which is "+".
>
> You wouldn't want to use that for a separator anyway. In a shell, that's an
> escaped blackslash. The separator is not the one used by the Windows
> clients; they still use '\'. The separator is what Unix users will have to
> type in order to refer to a Windows domain user. Using a plus sign as a
> separator, and being in a domain called "foo", the user named "bar" would
> have to log into Unix with the user name "foo+bar", and their files would
> show up as being owned by a user by the same name. In Windows, this person
> would mount the Samba share by logging in as "foo\bar", or "bar" if they are
> in the same domain.
>
> Unless your Windows users are logging in and using Unix directly, they will
> never see the separator. If they are, then the plus sign is a lot less
> troublesome than escaped slashes. I'd strip out that separator setting you
> are trying to use, and work with what you have.
>
> Of course if you still have a burning desire to use a backslash, let's hear
>
> BTW: If you see domain extended user names in the getent passwd output, then
> you ARE running winbindd and it's working correctly. That's the last test in
> my winbindd testing recipe, and you passed.
>
> -----Original Message-----
> From: jtrostel at snapserver.com [mailto:jtrostel at snapserver.com]
> Sent: Wednesday, October 24, 2001 1:25 PM
> To: Mike Papper
> Cc: samba at lists.samba.org; samba-technical at samba.org
> Subject: Re: winbind separator ignored in smb.conf
>
>
> hmmm.... also check to make sure you really are running the winbindd you
> think
> you are and the smb.conf file you think you are.  (Is it a /etc/smb.conf vs.
> /usr/local/samba/lib/smb.conf file thing?)
>
> On 24-Oct-2001 Mike Papper wrote:
>> This line in my smb.conf seems tobe ignored:
>>
>> winbind separator = \\
>>
>> doing a "getent passwd" always returns domain separated using "+".
>>
>> any ideas?
>>
>> --
>> Mike Papper
>> Digital Pipe
>> mike at digitalpipe.net
>> 650-627-5100 ext. 5211
>
> --
> John M. Trostel
> Senior Software Engineer
> Quantum Corp. / NASD
> jtrostel at snapserver.com

--
John M. Trostel
Senior Software Engineer
Quantum Corp. / NASD
jtrostel at snapserver.com