[Samba] fully qualified usernames ??
Robert Gehr
robert.gehr at baumann-gmbh.de
Mon Oct 2 09:53:13 GMT 2006
Hi there
Just a couple of questions to help me understand.
When I upgrade from 3.0.22 to 3.0.23c the access restrictions on my
shares on the member server no longer work. I read in the Changes file
"Since Samba 3.0.8, it has been recommended that all domain accounts
listed in smb.conf on a member server be fully qualified with the...."
So far so good I know what I have to do still I don't quite understand
why the member server is no longer able to identify the user connecting.
When, on the member server, I do a "wbinfo -U ID" I get the correct SID
When I do "wbinfo -a joe%passwd" it succeeds as well as a
"wbinfo -a DOMAIN\\joe%passwd"
So winbindd identifies joe all right even without the DOMAIN prefix. Why
does this no longer work for shares on the member server that have
valid users = joe
defined??
The member server gets its local users and groups via ldap.
I also have in my smb.conf:
winbind trusted domains only = Yes
What am I missing??
Thanks
--
Best Regards
Robert Gehr
"Technological progress has merely provided us
with more efficient means for going backwards"
~ Aldous Huxley
More information about the samba
mailing list