[Samba] Samba 3.0.23b Available for Download

Gerald (Jerry) Carter jerry at samba.org
Wed Aug 9 12:04:13 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael,

>> Since Samba 3.0.8, it has been recommended that all domain
>> accounts listed in smb.conf on a member server be fully
>> qualified with the domain name.  This is now a requirement.
>> All unqualified names are assumed to be local to the Unix
>> host, either as part of the server's local passdb or in the
>> local system list of accounts (e.g. /etc/passwd or /etc/group).
> "now" means from version "b" on or 3.0.23 at all?

Technically 3.0.23b since there was still some
ambiguity in the previous 3.0.23 releases.

> * Added lookup_name_smbconf() to be called when 
>   looking up names from smb.conf.  Unqualified names
>   are assumed to be local.
>
- -> seems for me from "b" on, right?

Yup.

> i´m asking because there have been a lot of 
> threads since the release of 3.0.23 and samba
> members always advised to use FQ-names. does this also
> imply that bug 3920 is "fixed" now if we have 
> to use FQ-names??

3920 is fixed.  But understand 'winbind use default
domains' was never intended for anything except PAM &
NSS.  Internally Samba must deal with qualified names
in order to correctly resolve them to SIDs.  So even an
assumed domain name gets qualified.  However, in smb.conf
the responsibility is on the admin to remove ambiguity
by fully qualifying the name.  This has nothing to do
with BUG 3920 really.

>> If the member server is not running winbindd at all, domain
>> accounts will be implicitly mapped to local accounts and their
>> tokens will be modified appropriately to reflect the local
>> SID and group membership.
>
> and if winbind is running with "use default domain" 
> are users also mapped to local ones?

No.  'winbind use default domain' is a convenience parameter
for PAM and NSS applications.  The domain user still exists
and getpwnam("DOMAIN\user") still succeeds.  We always
try to look up the qualified version first.




cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2c89IR7qMdg1EfYRAmIoAKCtsWDeNfTqEb8d9zrsag0nyKzvYACeJi+J
q98C98fXUoV2QG2c/OTALFc=
=TRUq
-----END PGP SIGNATURE-----

More information about the samba mailing list