Bug 5054 - winbind default domain specification
Summary: winbind default domain specification
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Config Files (show other bugs)
Version: 3.2.0
Hardware: x86 Linux
: P3 enhancement
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2007-10-31 15:45 UTC by Liam Ford
Modified: 2008-03-19 09:34 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Liam Ford 2007-10-31 15:45:41 UTC
I was under the impression (perhaps falsely) that this version of Samba would include a config option to set the default domain stripped by winbind.  I am talking about having, instad of "winbind use default domain = yes" you would be able to specify "winbind strip domain = CORP" (or something similiar).  This would be an extremely useful option to have, especcially as you guys are now successfully (I've tested it!) supporting passing authentication data through one way trusts.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2007-10-31 16:24:16 UTC
The stripped domain is always the primary domain of the host.
There are no plans to change this.
Comment 2 Liam Ford 2007-10-31 20:03:41 UTC
I understand how it currently works but, with one way trust authentication in 3.2, I think it deserves some looking at.  The reason I say this is that if a machine belongs to a leaf domain that trusts a larger central domain (through a one way trust), the likelyhood is that most of the users and groups are going to be members of the trusted domain and that the leaf domain will only contain a small ammount of locally supported machines.

Anyway, I put this in as an enhancement because I know it would be pretty useful.  Thanks for the response, and I'll keep crossing my fingers.
Comment 3 mchugh19@yahoo.com 2008-03-19 09:06:22 UTC
It would be handy to have such an option for those operating with multiple domains. If you have strip domain option pointing to DOM1 DOM2, then you could attempt a lookup for the first domain, and if unsuccessful, attempt for the second.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2008-03-19 09:34:04 UTC
The current default domain option has caused too much trouble already.
Not fixing this.