[Samba] "id" and "id username" don't match up when using Winbind groups

Gerald (Jerry) Carter jerry at samba.org
Fri Jun 10 19:16:32 GMT 2005

Hash: SHA1

Graeme Humphries wrote:

| ADS. I was under the impression that security = domain
| was broken with SP1? Or has than been fixed in 3.0.14a?

security = ads is better for windows 2003 sp1.  I just wanted
to clarify what your configuration was.  And we now think
that we know how to fix security = domain as well.

| Ok, so to clear this up in ADS continually, I'll
| need to make a cron job that shuts down winbind,
| removes this file, and then starts winbind up
| again?

*if* user's never fall back to NTLM authentication
\and always use kerberos tickets, the cache will
never be initialized for that user so theoretically
it should not cause a problem.  But then Windows
clients do tend to fallback to NTLM more than one
would expect.

|> In technical terms, the cache is a copy of the
|> NET_USER_INFO_3 structure in the samlogin()
|> reply (used for NTLM authenication).
| Ahhh, and it's just not getting updated properly
| with ADS?


| Cool. As long as I have a workaround, I'm happy, but
| it'd be nice to have it cleaned up. Is 3.0.15
| the next stable release, or does Samba use the
| even=stable odd=devel numbering?

Well we're skipping a few release numbers due to
the large amount of upcoming changes.  So the next
stable release will be 3.0.20.  Here's the original


cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list