Hello once again,

I've got winbind doing authentication not just for the samba service but also sshd and login. It's great. However, I have to give a fully-qualified username (e.g. "GENEEDINC+chris.palmer") as the username when logging in via these methods. I wondered: is there any way to get winbindd to insert the domain and the separator for the user, when none is provided?

I checked winbindd(8). There is $WINBINDD_DOMAIN, but my expectations about what it provides appear to be wrong -- it's a security restriction and not a user-friendly helper.

===
Client processes resolving names through the winbindd nsswitch module read an environment variable named $WINBINDD_DOMAIN. If this variable contains a comma separated list of Windows NT domain names, then winbindd will only resolve users and groups within those Windows NT domains.
===

Figuring sshd was the client of winbindd, I tried this:

===
# WINBINDD_DOMAIN=GENEEDINC sshd
# ssh -l chris.palmer localhost
chris.palmer@localhost's password:
Permission denied, please try again.
chris.palmer@localhost's password:
Permission denied, please try again.
chris.palmer@localhost's password:
Permission denied (publickey,password,keyboard-interactive).
===

The contents of /var/log/secure ("sshd[15753]: input_userauth_request: illegal user chris.palmer") suggest that it didn't assume "GENEEDINC+" at the beginning of my username like I'd hoped.

It'd be nice if there were an smb.conf option for [global] like "default winbind domain = WHATEVER". Is there a plan to include such a feature in the future, or does this feature exist and I just haven't found it?

Thanks again,

--
Chris Palmer
Systems Programmer
GeneEd