[Samba] winbindd instability, inconsistent handling of Domain name

Gerald (Jerry) Carter jerry at samba.org
Mon Sep 8 18:31:36 GMT 2003

Hash: SHA1

On Mon, 8 Sep 2003, Alexander List wrote:

> After a while, wbinfo [-u|-g] returns
> server:/var/log/samba# wbinfo -g
> Error looking up domain groups

Should be fixed in RC3 due out later today/tonight.

> My second problem:
> I created a directory /mnt/admin with this ACL:
> # file: .
> # owner: root
> # group: root
> user::rwx
> user:DOMAIN+username:rwx
> group::r-x
> mask::rwx
> other::r-x
> When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx,
> only DOMAIN+username (the short NETBIOS name of the domain) is listed in
> the ACL.

This is because the INTERNAL.DOMAIN.COM:username and DOMAIN+username map 
to the same SID (assuming that INTERNAL.DOMAIN.COM is the realm and 
DOMAIN is the short domain name).  Therefore winbind always uses the short 
form of the domain name for specifying users.   So the uid -> SID -> name 
lookup ends up with DOMAIN+username.

> I created the following Samba share:
> [admin]
>     browsable = no
>     path = /mnt/admin
>     public = no
>     write list = DOMAIN+username
> This won't work. Windows domain user "username" gets "Access denied" when
> trying to create a file on the share.
> However, this works:
>     write list = INTERNAL.DOMAIN.COM+username

Can you send me a level 10 debug log?  Thanks.

cheers, jerry
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/


More information about the samba mailing list