Bug 15399 - Allow user and groups in form user@workgroup.com
Summary: Allow user and groups in form user@workgroup.com
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.15.5
Hardware: All Linux
: P5 enhancement (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-06-22 08:29 UTC by Jonathan Brielmaier
Modified: 2023-06-22 08:29 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jonathan Brielmaier 2023-06-22 08:29:46 UTC
It would be nice if winbind would allow the _consequent_ usage/display of user/group names in the form of user@workgroup.com.

At work we are migrating currently from sssd back to winbind, due to it's RID support for stable UIDs/GIDs.

In sssd this is possible and looks like this:

$ ssh user@workgroup.com@HOST1
$ id user@workgroup.com
$ ls -al /home/workgroup.com/user
drwx------ 5 user@workgroup.com samba_group@workgroup.com  103 12. Jun 14:14 .
$ grep AllowGroups /etc/ssh/sshd_config
AllowGroups local_unix_group samba_group@workgroup.com

With winbind this doesn't seem possible in such a way.
We have set `winbind use default domain = no`.

Then it looks like this:
$ id user@workgroup.com
$ id WORKGROUP\\user (works as well)

All the other commands use the WORKGROUP\user nomenclature.
$ ssh user@WORKGROUP@HOST1
$ ssh WORKGROUP\user@HOST1 -> does not work
$ ls -al /home/workgroup.com/user
drwxr-x--- 4 WORKGROUP\user WORKGROUP\samba_group    4096 Jun 15 17:10 .
$ grep AllowGroups /etc/ssh/sshd_config
AllowGroups local_unix_group WORKGROUP\samba_group