15399 – Allow user and groups in form user@workgroup.com

Bug 15399 - Allow user and groups in form user@workgroup.com

Summary: Allow user and groups in form user@workgroup.com

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.15.5
Hardware:	All Linux

Importance:	P5 enhancement (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-06-22 08:29 UTC by Jonathan Brielmaier
Modified:	2023-06-22 08:29 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jonathan Brielmaier 2023-06-22 08:29:46 UTC

It would be nice if winbind would allow the _consequent_ usage/display of user/group names in the form of user@workgroup.com.

At work we are migrating currently from sssd back to winbind, due to it's RID support for stable UIDs/GIDs.

In sssd this is possible and looks like this:

$ ssh user@workgroup.com@HOST1
$ id user@workgroup.com
$ ls -al /home/workgroup.com/user
drwx------ 5 user@workgroup.com samba_group@workgroup.com  103 12. Jun 14:14 .
$ grep AllowGroups /etc/ssh/sshd_config
AllowGroups local_unix_group samba_group@workgroup.com

With winbind this doesn't seem possible in such a way.
We have set `winbind use default domain = no`.

Then it looks like this:
$ id user@workgroup.com
$ id WORKGROUP\\user (works as well)

All the other commands use the WORKGROUP\user nomenclature.
$ ssh user@WORKGROUP@HOST1
$ ssh WORKGROUP\user@HOST1 -> does not work
$ ls -al /home/workgroup.com/user
drwxr-x--- 4 WORKGROUP\user WORKGROUP\samba_group    4096 Jun 15 17:10 .
$ grep AllowGroups /etc/ssh/sshd_config
AllowGroups local_unix_group WORKGROUP\samba_group