[Samba] sendmail getting domain\user as email userId

Mark Foley mfoley at ohprs.org
Fri Dec 1 09:53:29 UTC 2017

On Fri, 1 Dec 2017 09:22:29 +0000 Rowland Penny wrote:

> On Fri, 01 Dec 2017 03:47:26 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
> > 
> > Yeah, I saw that, and I read the developer's comment. Frankly, I
> > don't get it. Seems to me winbind behaviour should be the same, AD/DC
> > or domain member. And it should deliver to programs the id they
> > expect (w/o domain name), regardless of the use being made. I don't
> > see the benefit for any use of adding the domain to the Id unless
> > there is some odd circumstance that an installation has more than one
> > domain and the same user Id -- in which case this should be the
> > exception rather than the rule.
> > 
> > Oh well ...
> > 
> > I'll investigate your nlscd suggestion.
> > 
> I can sort of understand the decision, you can use trusted domains with
> Samba and if you use 'winbind use default domain = yes' and you have a
> user in DOMA called 'fred' and a user in DOMB called 'fred', winbind
> would treat these as being the same user. Even if the DOMA user's full
> name is 'Fred Bloggs' and the DOMB user's full name is 'Fred Doe', that
> is, they are two different people.
> Perhaps we need a parameter called 'winbind remove our domain from
> users & groups' ;-)
> Rowland

BTW - your advice on ldbedit'ing the idmap.ldb file also worked to fix the original problem
that I posted my little diatribe on "winbind use default domain" about, reprinted below:

> I've figured out a work-around to the problem of "winbind use default domain = yes" not working
> on the AD/DC. As mentioned below, in my specific case procmail does not see HPRS\charmaine as the
> actual owner 'charmaine' and I get a "Suspicious rcfile "/home/HPRS/charmaine/.procmailrc""
> message in maillog and the mail does not get delivered to her $HOME/Maildir file, but rather to
> /var/spool/mail/HPRScharmaine.
> Per the procmail man page, this error is because, "The owner of the rcfile was not the
> recipient or root, ... ". My work-around was to change the ownership of the .procmailrc file
> to root since that seemed acceptable to procmail. This worked and mail was then delivered.

When I edited idmap.ldb and changed that user's Id from 3000043 to the correct 10004, the
problem went away without my having to keep .procmailrc owned by root!

This of course also means that procmail *will* properly authenticate with winbind, provided all
the ldb files are in sync -- making my complaint less important.

Thanks for killing 2 birds with one email!
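
An added example, not part of the original message: a small Python audit that applies the one rule quoted from the procmail man page above (the rcfile owner must be the recipient or root) by comparing the uid a login name resolves to with the uid that owns the rcfile. The function names and the sample lookup tables are constructed for illustration; the uids and the path are the ones given in the message, and procmail's other rcfile checks are not modelled.

```python
import os
import pwd


def rcfile_status(owner_uid, recipient_uid):
    """Rule quoted on this page: owner must be the recipient or root."""
    if owner_uid == recipient_uid:
        return "ok"
    if owner_uid == 0:
        return "ok-root-owned"
    return "suspicious"


def audit(accounts, resolve_uid=None, owner_of=None):
    """accounts: iterable of (login_name, rcfile_path).

    resolve_uid and owner_of are injectable so the logic runs offline;
    by default they query NSS (winbind included) and the filesystem.
    Returns a list of (login_name, status, resolved_uid, owner_uid).
    """
    resolve_uid = resolve_uid or (lambda name: pwd.getpwnam(name).pw_uid)
    owner_of = owner_of or (lambda path: os.stat(path).st_uid)
    findings = []
    for name, path in accounts:
        try:
            uid = resolve_uid(name)
            owner = owner_of(path)
        except (KeyError, OSError):
            # Name not known to NSS, or rcfile missing/unreadable.
            findings.append((name, "unresolved", None, None))
            continue
        findings.append((name, rcfile_status(owner, uid), uid, owner))
    return findings


# Constructed sample mirroring the thread: the file on disk is owned by
# uid 10004 while idmap.ldb on the DC maps the same user to 3000043.
RCFILE = "/home/HPRS/charmaine/.procmailrc"
SAMPLE_OWNERS = {RCFILE: 10004}
BEFORE_FIX = {"HPRS\\charmaine": 3000043}
AFTER_FIX = {"HPRS\\charmaine": 10004}


def demo(idmap, owners=SAMPLE_OWNERS):
    accounts = [(name, RCFILE) for name in idmap]
    return audit(accounts, idmap.__getitem__, owners.__getitem__)


if __name__ == "__main__":
    for label, idmap in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, demo(idmap))
```

Called as `audit(accounts)` with no resolvers, it checks real accounts through `pwd` and `os.stat` on the host where procmail runs.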


