[Samba] sendmail getting domain\user as email userId

Rowland penny rpenny at samba.org
Tue Jul 26 21:13:43 UTC 2016 

On 26/07/16 21:43, Mark Foley wrote:
> Well, ladies and gentlemen -- it's now working! Sendmail *is* authenticating with the
> nsswitch.conf settings (winbind added):
>
> passwd:         compat winbind
> shadow:         compat winbind
> group:          compat winbind
>
> and with the AD user REMOVED from /etc/passwd. All is well. I did nothing, no patching of
> sendmail, no username rewrite rule in sendmail.[mc|cf].
>
> I can't really explain what changed. Perhaps restarting sendmail and/or samba? I don't
> remember. I didn't reboot, but samba is automatically stopped/started during a wee-hours daily
> backup and is also restarted weekly by logrotate. I did modify /etc/mail/aliases for unrelated
> reasons and restarted sendmail thereafter.
>
> I'm guessing that restarting one or both of these programs did the trick. I should follow my
> own advice to my users: try rebooting first! It solves a world of problems.
>
> So, Mr.  Penny, you will be pleased to know that henceforth I WILL NOT have AD users also in
> /etc/passwd (well, except for 2 Outlook stragglers for whom I've not yet figured out how to
> dovecot NTLM authenticate ... working on it; unless I can get them to switch the Thunderbird
> first!).
>
> I've not checked the documentation, but I would suggest adding the winbind settings to the docs
> for the AD/DC setup wiki, if missing.  You explictly gave me those settings for configuring a
> domain member for single-sign-on last year, and I believe you incorporated that info into the
> domain member wiki.
>
> Being able to authenticate *on* the AC/DC does not necessarily imply its use as a file server.
> Programs should be able to authenticate when running on the AC/DC.
>
> Thanks!!! --Mark
>
>

Glad to see you got it work :-)

As for the info you would like adding to the wiki, it used to be there, 
but when the wiki was re-written, it was removed. The thinking seemed to 
be, as samba doesn't recommend using the DC as a fileserver, it 
shouldn't be there. Samba has been recommending not using the DC as a 
fileserver since version 4 was first released, this was nearly 4 years 
ago. Perhaps, due to the many changes since the first release, it is 
time to reconsider this recommendation.

Rowland

More information about the samba mailing list