[Samba] fully qualified usernames ??

Robert Gehr robert.gehr at baumann-gmbh.de
Mon Oct 2 09:53:13 GMT 2006

Hi there

Just a couple of questions to help me understand.

When I upgrade from 3.0.22 to 3.0.23c the access restrictions on my
shares on the member server no longer work. I read in the Changes file

"Since Samba 3.0.8, it has been recommended that all domain accounts
listed in smb.conf on a member server be fully qualified with the...."

So far so good I know what I have to do still I don't quite understand
why the member server is no longer able to identify the user connecting.

When, on the member server, I do a "wbinfo -U ID" I get the correct SID
When I do "wbinfo -a joe%passwd" it succeeds as well as a
"wbinfo -a DOMAIN\\joe%passwd"

So winbindd identifies joe all right even without the DOMAIN prefix. Why
does this no longer work for shares on the member server that have

valid users = joe


The member server gets its local users and groups via ldap.

I also have in my smb.conf:
winbind trusted domains only = Yes

What am I missing??


Best Regards
Robert Gehr

"Technological progress has merely provided us
  with more efficient means for going backwards"

~ Aldous Huxley

More information about the samba mailing list