[Samba] "id" and "id username" don't match up when using Winbind
groups
Gerald (Jerry) Carter
jerry at samba.org
Fri Jun 10 19:16:32 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Graeme Humphries wrote:
| ADS. I was under the impression that security = domain
| was broken with SP1? Or has than been fixed in 3.0.14a?
security = ads is better for windows 2003 sp1. I just wanted
to clarify what your configuration was. And we now think
that we know how to fix security = domain as well.
| Ok, so to clear this up in ADS continually, I'll
| need to make a cron job that shuts down winbind,
| removes this file, and then starts winbind up
| again?
*if* user's never fall back to NTLM authentication
\and always use kerberos tickets, the cache will
never be initialized for that user so theoretically
it should not cause a problem. But then Windows
clients do tend to fallback to NTLM more than one
would expect.
|> In technical terms, the cache is a copy of the
|> NET_USER_INFO_3 structure in the samlogin()
|> reply (used for NTLM authenication).
|
| Ahhh, and it's just not getting updated properly
| with ADS?
Correct.
| Cool. As long as I have a workaround, I'm happy, but
| it'd be nice to have it cleaned up. Is 3.0.15
| the next stable release, or does Samba use the
| even=stable odd=devel numbering?
Well we're skipping a few release numbers due to
the large amount of upcoming changes. So the next
stable release will be 3.0.20. Here's the original
mail.
http://lists.samba.org/archive/samba/2005-May/106122.html
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCqecQIR7qMdg1EfYRApgfAKC6MDbUPeVvt34CGL78J02Vndv2EACgrLV7
Gt40ZrBXvTs7LpdAlDaxjXA=
=pQpp
-----END PGP SIGNATURE-----
More information about the samba
mailing list