[Samba] Different behaviour of winbind in 4.8.3
Tino Müller
tmu at spreadshirt.net
Mon Jul 2 06:53:31 UTC 2018
Hi list,
the behaviour of winbind changed in Samba version 4.8.3.
Having this nsswitch.conf:
# cat /etc/nsswitch.conf
passwd: compat winbind cache
group: compat winbind cache
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
and this smb.conf:
# cat /etc/samba/smb.conf
[global]
kerberos method = secrets and keytab
log file = /var/log/samba/log.%m
max log size = 1000
realm = SPREADSHIRT.PRIVATE
security = ADS
server role = member server
server string = %h server (Samba, Ubuntu)
winbind expand groups = 5
winbind offline logon = Yes
winbind separator = +
workgroup = SPREADSHIRT
idmap config * : range = 10000 - 19999
idmap config spreadshirt : range = 1000000 - 19999999
idmap config spreadshirt : backend = rid
idmap config * : backend = tdb
There is a user in the domain SPREADSHIRT with the name tmutest.
With Samba 4.8.2 and lower:
# id tmutest
id: ‘tmutest’: no such user
# id SPREADSHIRT+tmutest
uid=1102339(SPREADSHIRT+tmutest) gid=1000513(SPREADSHIRT+domain users)
groups=1000513(SPREADSHIRT+domain
users),1102339(SPREADSHIRT+tmutest),10001(BUILTIN+users)
With Samba 4.8.3:
# id tmutest
uid=1102339(SPREADSHIRT+tmutest) gid=1000513(SPREADSHIRT+domain users)
groups=1000513(SPREADSHIRT+domain
users),1102339(SPREADSHIRT+tmutest),10001(BUILTIN+users)
root at toolbox01 [lej] ~ # id SPREADSHIRT+tmutest
uid=1102339(SPREADSHIRT+tmutest) gid=1000513(SPREADSHIRT+domain users)
groups=1000513(SPREADSHIRT+domain
users),1102339(SPREADSHIRT+tmutest),10001(BUILTIN+users)
Is this intended?
Is it possible to change the behaviour back to pre-4.8.3 by
configuration change?
Thank you.
Best,
Tino
More information about the samba
mailing list