[Samba] Make Winbind/PAM not return domain part for usernames
jorgito1412 at gmail.com
Sat Aug 24 02:01:43 MDT 2013
Thanks for your reply.
Dovecot remote users use just the username without the domain when logging
in through IMAP, but PAM and/or Dovecot are somehow changing it on the fly:
Aug 21 22:50:22 dc2 dovecot: auth-worker(5179): Debug: auth(foo,127.0.0.1):
username changed foo -> DOMAIN\foo
Aug 21 22:50:22 dc2 dovecot: auth: Debug:
auth(foo,127.0.0.1,<0bBfg3/kpQB/AAAB>): username changed foo -> DOMAIN\foo
Aug 21 22:50:22 dc2 dovecot: auth: Debug: client out:
On the Dovecot wiki it says "PAM may change the username", in this case I
don't want it to change the username. I will ask this on the Dovecot list.
Regarding the "winbind use default domain" setting, as per the
documentation I think it should work the other way around you mention. When
set to "yes", all usernames should be returned without domain part. In any
case, it does not work for me. Setting it to yes, no, deleting the
parameter or setting "winbind separator" before of after (found this on a
bug report, just in case was related), no matter what I do, "getent passwd"
always returns the usernames WITH the domain, and so looks to be doing PAM.
This is probably related to the Samba bug I mentioned earlier.
As you say, I like the idea of the domain users being returned *with* the
domain part in order to identify them from local system users. I think the
"cleanest" solution would be to make exim deliver the mail to a location
which includes some sort of "$username" variable, and make that username be
the one with the domain. The point is I don't know any variable like that,
it usually uses "$local_part" which does not seem to be returning what I
I will come up with more info if I find any elegant solution. In the
meantime, as a quick and dirty workaround I hardcoded the domain part in
the exim config delivery path (horrible, please don't blame me that much
More ideas or information are always welcome!
More information about the samba