[Samba] known bug in samba: Re: Winbind user/group name case change
steve at steve-ss.com
Mon Sep 15 11:17:29 MDT 2014
On Mon, 2014-09-15 at 09:40 +0200, Lars Hanke wrote:
> Am 15.09.2014 08:19, schrieb steve:
> > On Sun, 2014-09-14 at 15:46 -0700, Linda W wrote:
> >> Lars Hanke wrote:
> >>> My Synology NAS runs Samba 3.6.9 and maps accounts using winbind. It
> >>> is joined to my samba4 AD. I set "winbind use default domain=yes" and
> >>> have no entry for "winbind normalize names". Strangely a group like
> >>> "Domain Users" appears as "domain users", i.e. in all lower case. A
> >>> translation which breaks idmapd for NFSv4.
> >>> My Debian Wheezy 3.6.6 behaves the same way. Is there some option to
> >>> keep the case?
> >>> Alternatively, does someone know whether it is possible to tell idmapd
> >>> to ignore case?
> >> ----
> >> This is a known bug in samba -- "name mangling". MS fixed this back in
> >> 2000, but samba has remained steadfast. It wreaks havok with linux
> >> systems --
> >> especially ones trying to support MS systems.
> >> Besides the user& groupnames, system and domain names also cause problems.
> >> I still have 3 different entries for many of my hosts so linux can
> >> compensate
> >> for this bug. I thought this was supposed to be fixed going with 4.x
> >> and one of the reasons
> >> for not fixing it in earlier versions was the 3.x series didn't know how
> >> to do unicode
> >> capitalization, but theoretically in 4.x that shouldn't be a problem
> >> anymore.
> >> Anyyone else know if the name mangling of servers/systems, names and
> >> groups was
> >> fixed in 4.x?
> > Hi
> > Yeah. It's been a pain for ages, but I suppose as it's meant to serve
> > only windows boxes it doesn't matter until you start to serve Linux
> > clients as well. The solution for us is to use sssd. The latest version,
> > 1.12.1 is a replacement for winbind, as in you do not need to have
> > winbind running in the alongside sssd. With sssd, Domain Users appears
> > as Domain Users. If the OP's NAS supports sssd than that should solve
> > it.
> Can sssd do both options, i.e. canonicalized names and untranslated
> ones? I cannot change the use of winbind on the NAS. I'd try with sssd
> on my clients, but the version in the Wheezy repo is too old to support
> AD. There is not even a backport from Jessie. And if I can avoid
> maintaining my own packets, I'll avoid it.
> But since I have a couple of other issues with winbind, I'd go for it,
> if it is the cure.
> - lars.
Older versions of sssd back to 1.8 supported AD through the rfc2307bis
ldap schema. The configuration is a little more involved and you don't
get the drop-in AD engineered product, but it works and what's more it
would solve your Domain Users != domain users problem at the client end
at least. We documented the method for sssd <= 1.9.6 here:
More information about the samba