[Samba] Different behaviour of winbind in 4.8.3

Andreas Schneider asn at samba.org
Mon Jul 2 09:55:56 UTC 2018 

On Monday, 2 July 2018 08:53:31 CEST Tino Müller via samba wrote:
> Hi list,
> 
> the behaviour of winbind changed in Samba version 4.8.3.
> 
> Having this nsswitch.conf:
> # cat /etc/nsswitch.conf
> passwd:                 compat winbind cache
> group:                  compat winbind cache
> shadow:                 compat
> 
> hosts:                  files dns
> networks:               files
> 
> protocols:              db files
> services:               db files
> ethers:                 db files
> rpc:                    db files
> 
> netgroup:               nis
> 
> and this smb.conf:
> # cat /etc/samba/smb.conf
> [global]
>         kerberos method = secrets and keytab
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         realm = SPREADSHIRT.PRIVATE
>         security = ADS
>         server role = member server
>         server string = %h server (Samba, Ubuntu)
>         winbind expand groups = 5
>         winbind offline logon = Yes
>         winbind separator = +
>         workgroup = SPREADSHIRT
>         idmap config * : range = 10000 - 19999
>         idmap config spreadshirt : range = 1000000 - 19999999
>         idmap config spreadshirt : backend = rid
>         idmap config * : backend = tdb
> 
> There is a user in the domain SPREADSHIRT with the name tmutest.
> 
> With Samba 4.8.2 and lower:
> # id tmutest
> id: ‘tmutest’: no such user
> 
> # id SPREADSHIRT+tmutest
> uid=1102339(SPREADSHIRT+tmutest) gid=1000513(SPREADSHIRT+domain users)
> groups=1000513(SPREADSHIRT+domain
> users),1102339(SPREADSHIRT+tmutest),10001(BUILTIN+users)
> 
> 
> With Samba 4.8.3:
> # id tmutest
> uid=1102339(SPREADSHIRT+tmutest) gid=1000513(SPREADSHIRT+domain users)
> groups=1000513(SPREADSHIRT+domain
> users),1102339(SPREADSHIRT+tmutest),10001(BUILTIN+users)
> 
> root at toolbox01 [lej] ~ # id SPREADSHIRT+tmutest
> uid=1102339(SPREADSHIRT+tmutest) gid=1000513(SPREADSHIRT+domain users)
> groups=1000513(SPREADSHIRT+domain
> users),1102339(SPREADSHIRT+tmutest),10001(BUILTIN+users)
> 
> Is this intended?
> Is it possible to change the behaviour back to pre-4.8.3 by
> configuration change?
> 
> Thank you.

Please open a bug report at https://bugzilla.samba.org and assign it to me.


Thanks,


	Andreas

-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

More information about the samba mailing list