[Samba] winbind use default domain = yes doesn't work on Samba 4.13?

Jiří Černý cerny at svmetal.cz
Mon Nov 23 11:46:04 UTC 2020


Hello, Rowland.
Yes, user presents in domain. I can't say if there is local account
with same name machine. The machine is CNC milling machine with some
linux/unix PC inside.
We can set only path to share and credentials and only via GUI. It's
hard to debug in this environment.

So I have only log.smbd on fileserver.

Before upgrade, log entries were:
[2020/09/29 05:43:26.537994,  2]
../../source3/auth/auth.c:310(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [dmu60evo] ->
[dmu60evo] -> [DOMAIN\dmu60evo] succeeded

After upgrade, with dmu60evo at DOMAIN:
[2020/11/23 05:39:22.764641,  2]
../../source3/auth/auth.c:323(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [dmu60evo at DOMAIN] ->
[dmu60evo at DOMAIN] -> [DOMAIN\dmu60evo] succeeded

I also tried DOMAIN\\dmu60evo with same results.

So it looks good. But doesn't work -> machine operator can't browse
files on the share.
Maybe it's just Fedora problem. I'll try to deploy CentOS fileserver
with sernet-samba packages and test with the same smb.conf.

Jiri
>>> Rowland penny <rpenny at samba.org> 20.11.2020 15:34 >>>
On 20/11/2020 13:45, Jiří Černý via samba wrote:
> Yes.
> In the first name, I wrote DOMAIN, but our real workgroup is
SVMETAL,
> as you cas see in smb.conf.

OK, 4.13.2 with 'winbind use default domain = yes' works for myself and

there isn't anything really wrong with your smb.conf, but there was
this:

So, we have user dmu60evo in our domain, but on client machine, we are
not able to use username in format DOMAIN\dmu60evo. So we have to use
winbind use default domain = yes.

Why can you not use 'DOMAIN\dmu60evo' ?
Is dmu60evo a local Unix user as well as being in AD ?

Rowland







More information about the samba mailing list