[Samba] winbindd using FQDN domain name now?
Adrian Chung
adrian at enfusion-group.com
Tue Oct 7 15:45:16 GMT 2003
On Tue, Oct 07, 2003 at 08:35:41AM -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Sorry for the delayed repsonse...
>
> Adrian Chung wrote:
> | As of RC3 and RC4, I've noticed that winbindd's wb_getpwuid function
> | is using the form <FQDN-domain><winbind-seperator><username>, and
> | before, it was simply <NetBIOS-domain><winbind-seperator><username>.
>
> This is due to new code in smbd that grabs the domain name
> from the krb5 principal name.
>
> | The net effect of what I'm seeing is that users which have a UNIX
> | account locally on the samba box and also a domain account are being
> | authenticated against the AD DC, but their UIDs are getting resolved
> | to the local UNIX UIDs rather than AD UIDs.
> ....
> |
> |>From XP SP1 boxes that are domain members:
> |
> | [2003/09/15 15:49:17, 3]
> | nsswitch/winbindd_user.c:winbindd_getpwnam(112)
> | [ 6453]: getpwnam genosha.enfusion-group.com-adrian
> | [2003/09/15 15:49:17, 5]
> | nsswitch/winbindd_user.c:winbindd_getpwnam(140)
> | no such domain: GENOSHA.ENFUSION
> | [2003/09/15 15:49:17, 3]
> | nsswitch/winbindd_user.c:winbindd_getpwnam(112)
> | [ 6453]: getpwnam GENOSHA.ENFUSION-GROUP.COM-adrian
> | [2003/09/15 15:49:17, 5]
> | nsswitch/winbindd_user.c:winbindd_getpwnam(140)
> | no such domain: GENOSHA.ENFUSION
>
> You have the wionbind separator set to '-' don't you?
> The probl;em here is that you have a '-' in the realm name.
I sure did, changed it back to '+' and we're back in business.
Thanks!
--
Adrian Chung (adrian at enfusion-group dot com)
http://www.enfusion-group.com/~adrian/
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[rogue.genosha.enfusion-group.com] up 5 days, 8:51, 2 users
More information about the samba
mailing list