[Samba] winbindd using FQDN domain name now?
Gerald (Jerry) Carter
jerry at samba.org
Tue Oct 7 13:35:41 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sorry for the delayed repsonse...
Adrian Chung wrote:
| As of RC3 and RC4, I've noticed that winbindd's wb_getpwuid function
| is using the form <FQDN-domain><winbind-seperator><username>, and
| before, it was simply <NetBIOS-domain><winbind-seperator><username>.
This is due to new code in smbd that grabs the domain name
from the krb5 principal name.
| The net effect of what I'm seeing is that users which have a UNIX
| account locally on the samba box and also a domain account are being
| authenticated against the AD DC, but their UIDs are getting resolved
| to the local UNIX UIDs rather than AD UIDs.
....
|
|>From XP SP1 boxes that are domain members:
|
| [2003/09/15 15:49:17, 3]
| nsswitch/winbindd_user.c:winbindd_getpwnam(112)
| [ 6453]: getpwnam genosha.enfusion-group.com-adrian
| [2003/09/15 15:49:17, 5]
| nsswitch/winbindd_user.c:winbindd_getpwnam(140)
| no such domain: GENOSHA.ENFUSION
| [2003/09/15 15:49:17, 3]
| nsswitch/winbindd_user.c:winbindd_getpwnam(112)
| [ 6453]: getpwnam GENOSHA.ENFUSION-GROUP.COM-adrian
| [2003/09/15 15:49:17, 5]
| nsswitch/winbindd_user.c:winbindd_getpwnam(140)
| no such domain: GENOSHA.ENFUSION
You have the wionbind separator set to '-' don't you?
The probl;em here is that you have a '-' in the realm name.
cheers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard ------------------------- http://www.hp.com
~ SAMBA Team ---------------------- http://www.samba.org
~ GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
~ "You can never go home again, Oatman, but I guess you can shop there."
~ --John Cusack - "Grosse Point Blank" (1997)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/gsEtIR7qMdg1EfYRAuI4AKDQSJXPNEYIJG/9esHfYjq1zd00LACfTfbp
VCx/Q3LUEB64othe3hsB8Hg=
=6D86
-----END PGP SIGNATURE-----
More information about the samba
mailing list