[Samba] winbind and white spaces on user/group names

Thomas Creutz thomas.creutz at gmx.de
Tue Apr 18 15:47:55 UTC 2017


Hi Samba Folks,

we use Ubuntu 16.04 LTS with Samba 4.3.11 (from distribution). Our ADS 
is Windows 2008 R2. We want to use Linux as a squid proxy with domain 
auth (SSO).
Problem is, that most of the usernames have a white space and it seems 
that winbind wont handle it.

I get this on my cache log with /usr/lib/squid/ext_wbinfo_group_acl 
(wbinfo_group.pl) script.

Got max Internet-Access from squid
User:  -max-
Group: -Internet-Accesss-
SID:   -S-1-5-21-3122064890-3824127986-1965815265-2719-
GID:   -10004-
failed to call wbcGetGroups: WBC_ERR_DOMAIN_NOT_FOUND
Could not get groups for user max
Sending ERR to squid

Problem is, that username is not max, it is "max mustermann".

You can see, that the user sid is well resolved (how ever it is 
possible). Users with no white spaces works fine in squid.

Same problem with wbinfo:

$ wbinfo -u|grep max
max mustermann

but when I try to get user info or user group info:

$ wbinfo -i "max mustermann"
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user max mustermann

$ wbinfo -r "max mustermann"
failed to call wbcGetGroups: WBC_ERR_DOMAIN_NOT_FOUND
Could not get groups for user max mustermann

And  when the username contains no white space, it works well:

$ wbinfo -i Administrator
administrator:*:10000:10005:Administrator:/home/MYDOM/administrator:/bin/false

$ wbinfo -r Administrator
10005
10006
10007
10008
10009
10010
10011
10012
10013
10014
10015
10016
10017
10018
10019
10020
10021
10022
10001
10000

$ wbinfo -t kinit
checking the trust secret for domain MYDOM via RPC calls succeeded

Any thing I can do? Is there any needed smb.conf param, which can help?
I have found many ppl on internet, which have suffered from the same 
problem, but I found no solution for my case.

Regards,
Thomas




More information about the samba mailing list