[Pkg-samba-maint] Bug#617449: does not honor "winbind use default domain = yes"

Joseph Nahmias joe at nahmias.net
Wed Mar 9 00:58:29 UTC 2011

Package: winbind
Version: 2:3.5.6~dfsg-3squeeze2
Severity: important


I was upgrading one of my production servers from lenny to squeeze and it
seems that in the new version of winbind the "winbind use default domain =
yes" option is not behaving like it used to.  I have this set in my
/etc/smb.conf so that we can use AD logins without qualifying them with
the DOMAIN\, however now that doesn't work anymore.  For example:

# wbinfo -u | grep administrator

This has the consequence that none of the AD usernames are found normally.  For example:

# getent passwd administrator
# getent passwd DOMAIN\\administrator

Any help would be appreciated!

PS - Here's the usefule part of my /etc/smb.conf:

# grep -v ^# /etc/samba/smb.conf | grep -v ^$ | grep -v ^\;
   workgroup = DOMAIN
   server string = %h server
   wins server = 192.168.XXX.YYY
   include = /etc/samba/dhcp.conf
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = DOMAIN
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/bash
   winbind enum groups = yes
   winbind enum users = yes
   winbind separator = \\
   winbind use default domain = yes
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'squeeze-updates'), (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages winbind depends on:
ii  adduser           3.112+nmu2             add and remove users and groups
ii  libc6             2.11.2-10              Embedded GNU C Library: Shared lib
ii  libcap2           1:2.19-3               support for getting/setting POSIX.
ii  libcomerr2        1.41.12-2              common error description library
ii  libgssapi-krb5-2  1.8.3+dfsg-4           MIT Kerberos runtime libraries - k
ii  libk5crypto3      1.8.3+dfsg-4           MIT Kerberos runtime libraries - C
ii  libkrb5-3         1.8.3+dfsg-4           MIT Kerberos runtime libraries
ii  libldap-2.4-2     2.4.11-1+lenny2        OpenLDAP libraries
ii  libpam-runtime    1.1.1-6.1              Runtime support for the PAM librar
ii  libpam0g          1.1.1-6.1              Pluggable Authentication Modules l
ii  libpopt0          1.16-1                 lib for parsing cmdline parameters
ii  libtalloc2        2.0.1-1                hierarchical pool based memory all
ii  libwbclient0      2:3.5.6~dfsg-3squeeze2 Samba winbind client library
ii  lsb-base          3.2-23.2squeeze1       Linux Standard Base 3.2 init scrip
ii  samba-common      2:3.5.6~dfsg-3squeeze2 common files used by both the Samb
ii  zlib1g            1:       compression library - runtime

winbind recommends no packages.

winbind suggests no packages.

-- no debconf information

More information about the Pkg-samba-maint mailing list