[Samba] FC6 and winbind separator ignored?
Cleber P. de Souza
cleberps at gmail.com
Mon Nov 6 18:05:45 GMT 2006
Ray,
Your winbind is using the winbind separator.
If you want that your username appears as johnXXXX instead
AVWORLD\johnXXX set 'winbind use default domain' to No.
On 11/6/06, Ray Van Dolson <rvandolson at esri.com> wrote:
> I'm trying to join my FC6 box to our Active Directory domain. For the most
> part the setup was pretty straightforward, but it just doesn't seem like
> winbind separator is being honored.
>
> When I do a 'getent passwd' I get the following:
>
> AVWORLD\johnXXXX:*:16782801:16777216:XXXXXXXX:/home/AVWORLD/johnXXXX:/bin/bash
> AVWORLD\liliXXXX:*:16782802:16777216:XXXXXXXXXXX:/home/AVWORLD/liliXXXX:/bin/bash
> AVWORLD\juliXXXX:*:16782803:16777216:XXXXXXXX:/home/AVWORLD/juliXXXX:/bin/bash
> AVWORLD\yuanXXXX:*:16782804:16777216:XXXXXXXX:/home/AVWORLD/yuanXXXX:/bin/bash
> AVWORLD\annaXXXX:*:16782805:16777216:XXXXXXXX:/home/AVWORLD/annaXXXX:/bin/bash
>
> (The X's have been added to protect the innoccent :-)
>
> However:
>
> # testparm -sv | grep 'winbind separator'
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> winbind separator = \
>
> As you can see, my winbind separator is set to \. No, I do not have nscd
> running either, so no funky results are being cached. nsswitch.conf has
> "files winbind" for passwd, shadow and group. winbindd is running correctly
> (as far as I can tell).
>
> Here is my smb.conf file:
>
> [global]
> # General options
> workgroup = AVWORLD
> netbios name = LEORAY-FEDORA
> realm = XXXX.COM
> password server = cricket.XXXX.XXX
> security = ADS
> encrypt passwords = yes
>
> preferred master = no
> #winbind separator = +
> printcap name = cups
> printing = cups
>
> # winbind options
> idmap uid = 10000-9999999999
> idmap gid = 10000-9999999999
> winbind enum users = yes
> winbind enum groups = yes
> template homedir = /home/%D/%U
> template shell = /bin/bash
>
> (winbind separator is commented so that the default of \ is used).
>
> I have been able to do a kinit username at DOMAIN.COM and then a net ads join
> with no errors. klist shows my Kerberos ticket.
>
> If I run a 'finger username' nothing is returned -- but if I run a 'finger
> AVWORLD\\username' the entry _is_ returned.
>
> Why isn't winbind making use of my winbind separator?
>
> Oh yes, this is part of Samba 3.0.23c-2 (part of Fedora Core 6).
>
> Thanks in advance!
> Ray
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
***
Cleber P. de Souza
More information about the samba
mailing list