[Samba] NT user name doesn't match unix username when winbindd
is running
Buchan Milne
bgmilne at cae.co.za
Wed Jun 12 11:01:02 GMT 2002
> Message: 4
> From: "Wieprecht, Karen M." <Karen.Wieprecht at jhuapl.edu>
> To: "'samba at samba.org'" <samba at samba.org>
> Date: Tue, 11 Jun 2002 09:49:27 -0400
> Subject: [Samba] NT user name doesn't match unix username when winbindd is runnin
> g
>
> Samba team,
>
> I posted the following message on May 30 to comp.protocols.smb, but no one
> has responded to the posting as of yet, so I thought I'd try this email
> list.
>
>
> We are testing winbind and security=domain to authenticate NT users on
> our UNIX box in samba (v2.2.3a). Winbind is working correctly. Wbinfo
> shows
> users as domainname+username (we are using "+" as the
> separator), however, the NT usernames aren't automatically mapping
> to their corresponding UNIX usernames as expected. Perhaps I don't
> understand how this is supposed to work?
>
>>From what I understand, security=domain WITHOUT winbind requires a
> corresponding UNIX user (or dummy entry in the password file) for each
> NT user who you want to authenticate. This works for us, my NT karen
> account gets matched to my Unix Karen account, new files I create from
> the PC side get assigned the correct Unix UID, my login directory is
> shared via [HOMES] correctly, etc as long as I don't run winbindd.
>
> However, when I turn on winbindd, the NT karen account now gets
> mapped to "domainname+karen" instead of "karen", so UID's don't match,
> and my home login directory isn't being shared to my NT Karen
> account. Aren't the NT user names supposed to map to the UNIX user
> name if one exists? We want the features of winbind so we don't have
> to have a corresponding UNIX account for each NT user, but we want
> matching usernames to map automatically for those users who DO have
> accounts on both sides. It works when winbind is not running, why
> doesn't this work when I run winbind? Is there some other parameter I
> have to set to make this happen?
It is best to actually end up using one authentication db, IMHO. But you
should be able to solve your problem by:
1)Upgrading samba-2.2.4
2)Setting "winbind use default domain = yes" in the global section of
smb.conf
Now, winbind users for the domain specified in the "workgroup = "
parameter will not get the winbind or winbind seperator prepended to
their usernam.
Buchan
--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
More information about the samba
mailing list