[Samba] Re: Q: winbindd, unqualified users,
& name conflicts (a.k.a "Death to 'winbind use default domain'!")
simo
idra at samba.org
Thu Jul 20 16:58:40 GMT 2006
On Thu, 2006-07-20 at 11:35 -0500, Gerald (Jerry) Carter wrote:
> Volker,
>
> Assume I have a member server named LINUX joined to a
> domain name AD. Now assume I have a local user named foo
> in my passdb and a user named foo in the domain as well.
> I'm modifying winbindd_util.c:parse_domain_user() to do
> a lookup_name() to try to figure out which domain to prepend
> to the username rather than just assuming it's a domain user.
> But this means that we'll always choose the local user
> (due to the order of an isolated search in lookup_name()).
>
> The main problem is the use default domain abomination
> will confuse local and domain users of the same name and
> possibly return incorrect group membership.
>
> I am about a 1/2 inch from marking the smb.conf option
> as deprecated and adding a similar option to pam_winbind.conf.
> This option just cannot work reliably.
>
> Do you have any suggestions?
I would just document that local users will always take precedence.
Winbind use default domain is too valuable to be removed imho.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
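
Added example, not part of the original thread and not Samba code: a small audit that finds account names present both in the local passdb and in the default domain, and models the local-first resolution of an unqualified name discussed above. It assumes `pdbedit -L` output of the form `user:uid:Full Name` and `wbinfo -u` output of the form `DOMAIN\user` (bare `user` for the default domain); the function names and the sample data are constructed for illustration.

```python
# Added example: audit for local/domain name collisions (not Samba code).
# Assumed input formats: `pdbedit -L` -> "user:uid:Full Name",
# `wbinfo -u` -> "DOMAIN\user" (or bare "user" for the default domain).

def parse_pdbedit(text):
    """Return the set of lowercase local passdb usernames."""
    return {ln.split(":", 1)[0].strip().lower()
            for ln in text.splitlines() if ln.strip()}

def parse_wbinfo(text, default_domain, separator="\\"):
    """Return {lowercase username: set of domains that contain it}."""
    users = {}
    for ln in text.splitlines():
        ln = ln.strip()
        if not ln:
            continue
        domain, sep, name = ln.partition(separator)
        if not sep:                      # bare name: belongs to default domain
            domain, name = default_domain, ln
        users.setdefault(name.lower(), set()).add(domain.upper())
    return users

def resolve_unqualified(name, local, domain_users, local_name, default_domain):
    """Model of the local-first ordering discussed in the thread."""
    key = name.lower()
    if key in local:
        return f"{local_name}\\{key}"
    if default_domain.upper() in domain_users.get(key, ()):
        return f"{default_domain}\\{key}"
    return None

def collisions(local, domain_users, default_domain):
    """Names where an unqualified lookup shadows a default-domain account."""
    return sorted(n for n in local
                  if default_domain.upper() in domain_users.get(n, ()))

# Constructed sample data mirroring the thread: member server LINUX, domain AD.
PDBEDIT_OUT = "foo:1001:Local Foo\nbackup:1002:Backup Operator\n"
WBINFO_OUT = "AD\\foo\nAD\\alice\nbob\n"

if __name__ == "__main__":
    local = parse_pdbedit(PDBEDIT_OUT)
    dom = parse_wbinfo(WBINFO_OUT, "AD")
    for n in collisions(local, dom, "AD"):
        print(f"collision: {n} -> {resolve_unqualified(n, local, dom, 'LINUX', 'AD')}"
              f" (AD\\{n} is shadowed)")
```

Each reported name is an account whose unqualified form resolves to the local user, so any access or group decision keyed on the bare name should be reviewed for that account.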