[Pkg-samba-maint] Bug#617449: does not honor "winbind use default domain = yes"
Joseph Nahmias
joe at nahmias.net
Wed Mar 9 00:58:29 UTC 2011
Package: winbind
Version: 2:3.5.6~dfsg-3squeeze2
Severity: important
Hello,
I was upgrading one of my production servers from lenny to squeeze and it
seems that in the new version of winbind the "winbind use default domain =
yes" option is not behaving like it used to. I have this set in my
/etc/smb.conf so that we can use AD logins without qualifying them with
the DOMAIN\, however now that doesn't work anymore. For example:
# wbinfo -u | grep administrator
DOMAIN\administrator
This has the consequence that none of the AD usernames are found normally. For example:
# getent passwd administrator
# getent passwd DOMAIN\\administrator
DOMAIN\administrator:*:10000:10000::/home/DOMAIN/administrator:/bin/bash
Any help would be appreciated!
Thanks,
--Joe
PS - Here's the usefule part of my /etc/smb.conf:
# grep -v ^# /etc/samba/smb.conf | grep -v ^$ | grep -v ^\;
[global]
workgroup = DOMAIN
server string = %h server
wins server = 192.168.XXX.YYY
include = /etc/samba/dhcp.conf
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = DOMAIN
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind enum groups = yes
winbind enum users = yes
winbind separator = \\
winbind use default domain = yes
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
#
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'squeeze-updates'), (500, 'oldstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages winbind depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcap2 1:2.19-3 support for getting/setting POSIX.
ii libcomerr2 1.41.12-2 common error description library
ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.8.3+dfsg-4 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.11-1+lenny2 OpenLDAP libraries
ii libpam-runtime 1.1.1-6.1 Runtime support for the PAM librar
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
ii libpopt0 1.16-1 lib for parsing cmdline parameters
ii libtalloc2 2.0.1-1 hierarchical pool based memory all
ii libwbclient0 2:3.5.6~dfsg-3squeeze2 Samba winbind client library
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii samba-common 2:3.5.6~dfsg-3squeeze2 common files used by both the Samb
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
winbind recommends no packages.
winbind suggests no packages.
-- no debconf information
More information about the Pkg-samba-maint
mailing list