[Samba] Suppressing DOMAIN on AD-DC Machine

Andrew Bartlett abartlet at samba.org
Tue May 26 22:31:06 UTC 2020


On Tue, 2020-05-26 at 18:32 +0100, Nick Piggott via samba wrote:
> Hello,
> 
> Here's my setup:
> * Ubuntu 18.04 LTS
> * Samba 4.7.6
> * Active Directory (provided by Samba)
> * Postfix 3.3.0
> * Mailutils 3.4
> 
> On this machine, my AD usernames are showing in the format
> DOMAIN\username
> 
> All the machines in the AD have a directive in their
> /etc/samba/smb.conf
> file
> winbind use default domain = yes
> however this doesn't work on this machine acting as the AD-DC, and
> looking
> through the mailing list, this is by design, and unlikely to change.
> (It
> does work on the workstations where users are just shown as their
> username).
> 
> Having the format DOMAIN\username is making using Postfix / Mailutils
> very
> difficult. Originating emails ("From: DOMAIN\username at domain.com")
> are
> being rejected by mail relays, and case folding on Postfix means I
> end up
> with two mail files for each user in /var/mail (DOMAIN\username and
> domain\username).
> 
> Is there any way to suppress the DOMAIN section of a username on the
> AD-DC
> machine? Or an alternative approach to fixing this issue. (I've
> looked at
> re-writing in Postfix, and it's ugly).

This is what the "winbind use default domain" option is for.  

I'm sorry it isn't working on the AD DC.  While written for exactly
this purpose, and while popular with administrators it was horribly
unpopular with my fellow developers so the use cases have not been
extended.

My best suggestion is a member server.  This helps split up the roles
better anyway and makes it easier to upgrade the AD DC independently.

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba






More information about the samba mailing list