[Samba] wbinfo -i output different before 1st authentication
Rowland Penny
rpenny at samba.org
Sun Mar 11 16:09:27 UTC 2018
On Sun, 11 Mar 2018 16:48:53 +0100
Heiner Lesaar via samba <samba at lists.samba.org> wrote:
> Dear all,
>
> on CentOs7 based linux w. different versions of Samba (4.6.x from
> CentOS repos, but also Sernet-Samba-4.7.4 and also compiled from
> source), "wbinfo -i user at domain.tld" returns different results before
> the first successful authentication of the user.
>
> Server joined as member to Active Directory, idmapping via tdb2.
>
> On first attempt, the result returns "DOMAIN-REALM+Username", but
> after 1st login it switches to "NTDOMAIN+Username" (which is also the
> correct output). The tdb files also show the "wrong" info until the
> login is done (according to tdbdump comparison). It does not matter
> if the login happens on a client or like in my example "locally" via
> smbclient.
>
>
> See command output examples:
>
> #########
> 1st execution after user creation in AD:
>
> # $ wbinfo -i newuser at test.intern
>
> # TEST.INTERN+newuser:*:16777239:16777216::/home/TEST.
> INTERN/newuser:/bin/false
>
> Authentication (e.g. here via smbclient):
>
> # $ smbclient \\\\127.0.0.1\\sharename -U newuser at test.intern
>
> Execution after 1st login:
>
> # $ wbinfo -i newuser at test.intern
>
> # TEST+newuser:*:16777239:16777216::/home/TEST/newuser:/bin/false
>
> #########
>
> We use the command output to create database entries in a in-house
> developed database / application to centrally manage client logins
> from various operating systems.
>
> My questions are:
>
> 1) Is this expected behaviour or is it influenced by some smb.conf or
> krb5.conf option that we are not aware of?
>
That's actually two questions ;-) but the answers are yes and no in
that order.
See here for more info:
https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed
Under 'winbind changes'
Rowland
More information about the samba
mailing list