[Samba] winbindd instability, inconsistent handling of Domain name
Gerald (Jerry) Carter
jerry at samba.org
Mon Sep 8 18:31:36 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 8 Sep 2003, Alexander List wrote:
> After a while, wbinfo [-u|-g] returns
>
> server:/var/log/samba# wbinfo -g
> Error looking up domain groups
Should be fixed in RC3 due out later today/tonight.
> My second problem:
>
> I created a directory /mnt/admin with this ACL:
>
> # file: .
> # owner: root
> # group: root
> user::rwx
> user:DOMAIN+username:rwx
> group::r-x
> mask::rwx
> other::r-x
>
> When I create the ACL with setfacl -m u:INTERNAL.DOMAIN.COM:username:rwx,
> only DOMAIN+username (the short NETBIOS name of the domain) is listed in
> the ACL.
This is because the INTERNAL.DOMAIN.COM:username and DOMAIN+username map
to the same SID (assuming that INTERNAL.DOMAIN.COM is the realm and
DOMAIN is the short domain name). Therefore winbind always uses the short
form of the domain name for specifying users. So the uid -> SID -> name
lookup ends up with DOMAIN+username.
> I created the following Samba share:
>
> [admin]
> browsable = no
> path = /mnt/admin
> public = no
> write list = DOMAIN+username
>
> This won't work. Windows domain user "username" gets "Access denied" when
> trying to create a file on the share.
...
> However, this works:
>
> write list = INTERNAL.DOMAIN.COM+username
Can you send me a level 10 debug log? Thanks.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE/XMsIIR7qMdg1EfYRAq+xAJ4/HzYxi/IIMQYMjF5SWDl2gECf+QCfYiCk
06igPvXN/Wb3uh9v50AkcbU=
=R09F
-----END PGP SIGNATURE-----
More information about the samba
mailing list