Your message dated Mon, 17 Jul 2017 11:26:48 +1200
with message-id <[email protected]>
and subject line closing as per documented smb.conf syntax
has caused the Debian Bug report #617449,
regarding does not honor "winbind use default domain = yes"
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
617449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617449
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: winbind
Version: 2:3.5.6~dfsg-3squeeze2
Severity: important
Hello,
I was upgrading one of my production servers from lenny to squeeze and it
seems that in the new version of winbind the "winbind use default domain =
yes" option is not behaving like it used to. I have this set in my
/etc/smb.conf so that we can use AD logins without qualifying them with
the DOMAIN\, however now that doesn't work anymore. For example:
# wbinfo -u | grep administrator
DOMAIN\administrator
This has the consequence that none of the AD usernames are found normally. For
example:
# getent passwd administrator
# getent passwd DOMAIN\\administrator
DOMAIN\administrator:*:10000:10000::/home/DOMAIN/administrator:/bin/bash
Any help would be appreciated!
Thanks,
--Joe
PS - Here's the usefule part of my /etc/smb.conf:
# grep -v ^# /etc/samba/smb.conf | grep -v ^$ | grep -v ^\;
[global]
workgroup = DOMAIN
server string = %h server
wins server = 192.168.XXX.YYY
include = /etc/samba/dhcp.conf
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = DOMAIN
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
pam password change = yes
message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind enum groups = yes
winbind enum users = yes
winbind separator = \\
winbind use default domain = yes
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
#
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'squeeze-updates'), (500, 'oldstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages winbind depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcap2 1:2.19-3 support for getting/setting POSIX.
ii libcomerr2 1.41.12-2 common error description library
ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.8.3+dfsg-4 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.11-1+lenny2 OpenLDAP libraries
ii libpam-runtime 1.1.1-6.1 Runtime support for the PAM librar
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
ii libpopt0 1.16-1 lib for parsing cmdline parameters
ii libtalloc2 2.0.1-1 hierarchical pool based memory all
ii libwbclient0 2:3.5.6~dfsg-3squeeze2 Samba winbind client library
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii samba-common 2:3.5.6~dfsg-3squeeze2 common files used by both the Samb
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
winbind recommends no packages.
winbind suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
As per https://bugzilla.samba.org/show_bug.cgi?id=7999#c3
[global]
winbind separator = \\
winbind use default domain = yes
becomes (run testparm -v)
[global]
winbind separator = \winbind use default domain = yes
This is documented in 'man smb.conf' with:
Any line ending in a “\” is continued on the next line in the
customary UNIX fashion.
Therefore this isn't a bug.
Sorry,
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
--- End Message ---
