[Samba] Problems with authentication in Samba4

Rowland Penny rowlandpenny241155 at gmail.com
Tue Dec 1 17:05:08 UTC 2015


On 01/12/15 16:45, Marcio Demetrio Bacci wrote:
> Hi,
>
> I'm having problems authenticating users with winbind. I'm implementing
> a Squid3 server and this server is working properly. But I think there is a
> problem with winbind (perhaps the winbind separator), because when I put ^ as
> the separator, as in Domain^Users, this error message appeared:
>
>
> root@proxy:~# echo "bacci Domain^Users" | /usr/lib/squid3/wbinfo_group.pl
> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup name Domain^Users
> failed to call wbcStringToSid: WBC_ERR_INVALID_PARAM
> Could not convert sid  to gid
> ERR
>
> But when I put %20 as the separator, as in Domain%20Users, the authentication
> is OK.
>
> root@proxy:~# echo "bacci Domain%20Users" | /usr/lib/squid3/wbinfo_group.pl
> OK
>
> My environment is: Samba 4.2.1 on Debian 7.2 as DC
> Samba 4.1.17 on Debian 7.2 and Squid 3.1 as Proxy.
>
> Here is my smb.conf in Proxy Server (Member Server)
>
> [global]
>    netbios name = DC1
>    workgroup = EMPRESA
>    security = ads
>    realm = EMPRESA.COM
>    encrypt passwords = yes
>    dedicated keytab file = /etc/krb5.keytab
>    kerberos method = secrets and keytab
>    preferred master = no
>    idmap config *:backend = tdb
>    idmap config *:range = 1000-3000
>    idmap config EMPRESA:backend = ad
>    idmap config EMPRESA:schema_mode = rfc2307
>    idmap config EMPRESA:range = 10000-9999999
>
>    winbind nss info = rfc2307
>    winbind trusted domains only = no
>    winbind use default domain = yes
>    winbind enum users = yes
>    winbind enum groups = yes
>    winbind refresh tickets = yes
>
>    vfs objects = acl_xattr
>    map acl inherit = Yes
>    store dos attributes = Yes
>    username map = /etc/samba/user.map
>
> Is there any way to fix this problem in the Winbind?

Why do you need to use '^' ?
getent group Domain^Users doesn't work either, but
getent group Domain\ Users does

Rowland
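
Why the two inputs above behave differently, as an added sketch that is not part of the original messages and is not the code of wbinfo_group.pl. It assumes the helper splits each request line on whitespace and percent-decodes every token, which is consistent with the results shown; `pct_decode` and `parse_request` are hypothetical names.

```shell
#!/bin/sh
# Assumption: a group helper receives "user group1 group2 ..." on one line,
# with spaces inside a name sent as %20 because whitespace separates tokens.

# Decode %XX escapes in one token; malformed escapes are left untouched.
pct_decode() (
    in=$1
    while [ -n "$in" ]; do
        case $in in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                rest=${in#%}
                hex=${rest%"${rest#??}"}          # first two characters
                printf '%b' "\\0$(printf '%o' "0x$hex")"
                in=${rest#??} ;;
            *)
                printf '%s' "${in%"${in#?}"}"     # copy one literal character
                in=${in#?} ;;
        esac
    done
)

# Split a request line into user and groups, decoding each token.
parse_request() (
    set -f                 # no filename globbing while splitting
    set -- $1              # split on whitespace
    [ $# -ge 1 ] || exit 1
    printf 'user=%s\n' "$(pct_decode "$1")"
    shift
    for g in "$@"; do
        printf 'group=%s\n' "$(pct_decode "$g")"
    done
)

# Constructed sample lines, taken from the two commands in the thread.
parse_request 'bacci Domain%20Users'   # group becomes "Domain Users"
parse_request 'bacci Domain^Users'     # '^' is not an escape: name is unchanged
```

The decoded name `Domain Users` is the same string that `getent group Domain\ Users` passes, while `Domain^Users` reaches the lookup as a literal name containing `^`.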



