[Samba] FC6 and winbind separator ignored?

Roland Hordos rolandhordos at tundraeng.com
Mon Nov 6 19:15:20 GMT 2006


>> If I run a 'finger username' nothing is returned -- but if I run a
'finger
>> AVWORLD\\username' the entry _is_ returned.

I needed this to get around fully qualified user accounts on FC5
3.0.23c:

        winbind use default domain = yes

Roland;


-----Original Message-----
From: samba-bounces+rolandhordos=tundraeng.com at lists.samba.org
[mailto:samba-bounces+rolandhordos=tundraeng.com at lists.samba.org]On
Behalf Of Ray Van Dolson
Sent: Monday, November 06, 2006 9:32 AM
To: samba at lists.samba.org
Subject: [Samba] FC6 and winbind separator ignored?


I'm trying to join my FC6 box to our Active Directory domain.  For the
most
part the setup was pretty straightforward, but it just doesn't seem like
winbind separator is being honored.

When I do a 'getent passwd' I get the following:

AVWORLD\johnXXXX:*:16782801:16777216:XXXXXXXX:/home/AVWORLD/johnXXXX:/bi
n/bash
AVWORLD\liliXXXX:*:16782802:16777216:XXXXXXXXXXX:/home/AVWORLD/liliXXXX:
/bin/bash
AVWORLD\juliXXXX:*:16782803:16777216:XXXXXXXX:/home/AVWORLD/juliXXXX:/bi
n/bash
AVWORLD\yuanXXXX:*:16782804:16777216:XXXXXXXX:/home/AVWORLD/yuanXXXX:/bi
n/bash
AVWORLD\annaXXXX:*:16782805:16777216:XXXXXXXX:/home/AVWORLD/annaXXXX:/bi
n/bash

(The X's have been added to protect the innoccent :-)

However:

# testparm -sv | grep 'winbind separator'
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
        winbind separator = \

As you can see, my winbind separator is set to \.  No, I do not have
nscd
running either, so no funky results are being cached.  nsswitch.conf has
"files winbind" for passwd, shadow and group.  winbindd is running
correctly
(as far as I can tell).

Here is my smb.conf file:

[global]
  # General options
  workgroup = AVWORLD
  netbios name = LEORAY-FEDORA
  realm = XXXX.COM
  password server = cricket.XXXX.XXX
  security = ADS
  encrypt passwords = yes

  preferred master = no
  #winbind separator = + 
  printcap name = cups
  printing = cups

  # winbind options
  idmap uid = 10000-9999999999
  idmap gid = 10000-9999999999
  winbind enum users = yes
  winbind enum groups = yes
  template homedir = /home/%D/%U
  template shell = /bin/bash

(winbind separator is commented so that the default of \ is used).

I have been able to do a kinit username at DOMAIN.COM and then a net ads
join
with no errors.  klist shows my Kerberos ticket.

If I run a 'finger username' nothing is returned -- but if I run a
'finger
AVWORLD\\username' the entry _is_ returned.

Why isn't winbind making use of my winbind separator?

Oh yes, this is part of Samba 3.0.23c-2 (part of Fedora Core 6).

Thanks in advance!
Ray
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba









More information about the samba mailing list