Implement smb.conf(5) global option "trim default domain", which trims the leading "DOMAIN\" in usernames looked up from the local passwd database; this may be present with when security=domain or security=ads. Setting smb.conf(5): security = ADS trim default domain = yes winbind use default domain = yes allows "passwd: files winbind" in nsswitch.conf(5) to use /etc/passwd ("files") for username->UID mapping, falling back to a dynamic UID from winbindd(8) ("winbind") for users only in ADS and not in /etc/passwd. (The prior behaviour without this option was that smbd(8) tried to lookup "DOMAIN\user" from /etc/passwd, not find it, and then lookup via winbindd(8), and the latter will fake up an entry for DOMAIN\user.)
Index: auth/auth_util.c
===================================================================
--- auth/auth_util.c 8 Jul 2004 17:06:11 -0000 1.1.1.4
+++ auth/auth_util.c 28 Oct 2004 07:08:55 -0000
@@ -990,6 +990,19 @@ struct passwd *smb_getpwnam( char *domus
 if ( p ) {
 fstring strip_username;
+ char oldsep;
+
+ /* if 'trim default domain' and the DOMAIN\ is the same
+ as the workgroup, don't lookup DOMAIN\ */
+ oldsep = *p;
+ *p = '\0';
+ if (lp_trim_default_domain()
+ && strequal(lp_workgroup(), username)) {
+ DEBUG(7,("My domain -- skipping %s%c%s lookup\n", username, oldsep, p+1));
+ *p = oldsep;
+ goto trim_default_domain;
+ }
+ *p = oldsep;
 pw = Get_Pwnam( domuser );
 if ( pw ) {
@@ -1008,10 +1021,12 @@ struct passwd *smb_getpwnam( char *domus
 else
 fstrcpy( save_username, pw->pw_name );
+ DEBUG(7,("Get_Pwnam domain user [%s] result [%s]\n", domuser, save_username));
 /* whew -- done! */
 return pw;
 }
+ trim_default_domain:
 /* setup for lookup of just the username */
 /* remember that p and username are overlapping memory */
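Review bot: The `goto trim_default_domain` branch in the `@@ -990` hunk skips `Get_Pwnam( domuser )` whenever the prefix equals `lp_workgroup()`, so the plain-name lookup after the label decides which account a domain-authenticated user becomes. With "passwd: files winbind" that means a domain account whose name matches an entry in /etc/passwd, system accounts included, resolves to the local UID. That is the stated purpose, but nothing in the new code documents or limits the collision. The block comment should say so, for example `/* NOTE: DOMAIN\user now resolves to the local passwd entry "user"; local and domain account names must not collide */`. The comparison is against the workgroup only, so whether a prefix written in another form is trimmed cannot be told from these lines. The body of smb_getpwnam starts and ends outside the hunk.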
@@ -1031,6 +1046,7 @@ struct passwd *smb_getpwnam( char *domus
 if (username[strlen(username)-1] == '$')
 return NULL;
+ DEBUG(7,("plain user not found, attempt to create\n"));
 auth_add_user_script(NULL, username);
 pw = Get_Pwnam(username);
 }
@@ -1039,6 +1055,7 @@ struct passwd *smb_getpwnam( char *domus
 if ( pw )
 fstrcpy( save_username, pw->pw_name );
+ DEBUG(7,("Get_Pwnam plain user [%s] result [%s]\n", username, save_username));
 return pw;
 }
Index: param/loadparm.c
===================================================================
--- param/loadparm.c 12 Sep 2004 03:47:16 -0000 1.1.1.6
+++ param/loadparm.c 28 Oct 2004 07:09:00 -0000
@@ -288,6 +288,7 @@ typedef struct
 BOOL bDisableNetbios;
 BOOL bKernelChangeNotify;
 BOOL bUseKerberosKeytab;
+ BOOL bTrimDefaultDomain;
 BOOL bDeferSharingViolations;
 int restrict_anonymous;
 int name_cache_timeout;
@@ -867,6 +868,7 @@ static struct parm_struct parm_table[] =
 {"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_HIDE},
 {"preload modules", P_LIST, P_GLOBAL, &Globals.szPreloadModules, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL},
 {"use kerberos keytab", P_BOOL, P_GLOBAL, &Globals.bUseKerberosKeytab, NULL, NULL, FLAG_ADVANCED},
+ {"trim default domain", P_BOOL, P_GLOBAL, &Globals.bTrimDefaultDomain, NULL, NULL, FLAG_ADVANCED},
 {N_("Logging Options"), P_SEP, P_SEPARATOR},
@@ -1763,6 +1765,7 @@ FN_GLOBAL_BOOL(lp_client_use_spnego, &Gl
 FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
 FN_GLOBAL_BOOL(lp_kernel_change_notify, &Globals.bKernelChangeNotify)
 FN_GLOBAL_BOOL(lp_use_kerberos_keytab, &Globals.bUseKerberosKeytab)
+FN_GLOBAL_BOOL(lp_trim_default_domain, &Globals.bTrimDefaultDomain)
 FN_GLOBAL_BOOL(lp_defer_sharing_violations, &Globals.bDeferSharingViolations)
 FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level)
 FN_GLOBAL_INTEGER(lp_max_ttl, &Globals.max_ttl)
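Review bot: The `DEBUG` line added in the `@@ -1039` hunk prints `save_username` even when `pw` is NULL, while the visible lines fill that buffer only inside `if ( pw )`. Unless the function clears the buffer earlier (not visible in the hunk), a failed lookup logs stale or indeterminate contents at debug level 7. Logging the lookup result itself avoids that: `DEBUG(7,("Get_Pwnam plain user [%s] result [%s]\n", username, pw ? pw->pw_name : "(not found)"));`. The function body starts outside the hunk.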