[Samba] wbinfo -i output different before 1st authentication

[Heiner Lesaar]

Dear all,

on CentOs7 based linux w. different versions of Samba (4.6.x from CentOS
repos, but also Sernet-Samba-4.7.4 and also compiled from source), "wbinfo
-i user at domain.tld" returns different results before the first successful
authentication of the user.

Server joined as member to Active Directory, idmapping via tdb2.

On first attempt, the result returns "DOMAIN-REALM+Username", but after 1st
login it switches to "NTDOMAIN+Username" (which is also the correct output).
The tdb files also show the "wrong" info until the login is done (according
to tdbdump comparison). It does not matter if the login happens on a client
or like in my example "locally" via smbclient.


See command output examples:

#########
1st execution after user creation in AD:

# $ wbinfo -i newuser at test.intern

# TEST.INTERN+newuser:*:16777239:16777216::/home/TEST.
INTERN/newuser:/bin/false

Authentication (e.g. here via smbclient):

# $ smbclient \\\\127.0.0.1\\sharename -U newuser at test.intern

Execution after 1st login:

# $ wbinfo -i newuser at test.intern

# TEST+newuser:*:16777239:16777216::/home/TEST/newuser:/bin/false

#########

We use the command output to create database entries in a in-house
developed database / application to centrally manage client logins from
various operating systems.

My questions are:

1) Is this expected behaviour or is it influenced by some smb.conf or
krb5.conf option that we are not aware of?

2) Is there a way to query the domain "prefix" of a user which will not
change depending on the fact if the user has ever tried to login to the
server or not?
Does it maybe depend on some command line option?

FYI: getent passwd shows the same behaviour.



Thank you very much for your help and assistance!

Heiner