[Samba] Default domain for winbindd?

Chris Palmer chris.palmer at geneed.com
Wed Jan 8 00:48:01 GMT 2003


Hello once again,

I've got winbind doing authentication not just for the samba service but also sshd and login. It's great. However, I have to give a fully-qualified username (e.g. "GENEEDINC+chris.palmer") as the username when logging in via these methods. I wondered, is there any way to get winbindd to insert the domain and the separator for the user, when none is provided?

I checked winbindd(8). There is $WINBINDD_DOMAIN, but my expectations about what it provides appear to be wrong -- it's a security restriction and not a user-friendly helper.

===
       Client processes resolving names through the winbindd nsswitch
       module read an environment variable named $WINBINDD_DOMAIN. If
       this variable contains a comma separated list of Windows NT
       domain names, then winbindd will only resolve users and groups
       within those Windows NT domains.
===

Figuring sshd was the client of winbindd, I tried this:

===
# WINBINDD_DOMAIN=GENEEDINC sshd
# ssh -l chris.palmer localhost
chris.palmer@localhost's password:
Permission denied, please try again.
chris.palmer@localhost's password:
Permission denied, please try again.
chris.palmer@localhost's password:
Permission denied (publickey,password,keyboard-interactive).
===

The contents of /var/log/secure ("sshd[15753]: input_userauth_request: illegal user chris.palmer") suggest that it didn't assume "GENEEDINC+" at the beginning of my username like I'd hoped.


It'd be nice if there were an smb.conf option for [global] like "default winbind domain = WHATEVER". Is there a plan to include such a feature in the future, or does this feature exist and I just haven't found it?


Thanks again,
-- 
Chris Palmer    Systems Programmer    GeneEd


