I'm trying to replace an existing nss_ldap setup with winbind, and I've got it set with winbind use default domain = yes. I've cast about for a separate configuration for this but I didn't find anything. So:

    $ getent passwd jgg
    jgg:x:2009:1000:Jason Gunthorpe,,,:/home/jgg:/bin/bash
    $ getent group wsudoers
    wsudoers:x:1002:ORCORP\jgg

Oops. The users in the group list should not be prefixed with the domain. This causes various sorts of subtle breakage. Interestingly the pam module seems to get it right, but things like sudo and id do not work:

    $ id jgg
    uid=2009(jgg) gid=1000(orc) groups=1000(orc),4(adm)

wbinfo doesn't seem to work too well either:

    $ wbinfo --group-info wsudoers
    wsudoers:x:1002

Maybe that is expected wbinfo output?

This is the smb.conf:

    [global]
    workgroup = ORCORP
    realm = ADS.ORCORP.CA
    os level = 0
    log level = 3
    security = ads
    password server = ads0.ads.orcorp.ca
    use kerberos keytab = true
    idmap domains = ORCORP
    idmap config ORCORP:backend = ad
    idmap config ORCORP:readonly = yes
    idmap config ORCORP:default = yes
    idmap config ORCORP:range = 1000-11000
    idmap config ORCORP:schema_mode = rfc2307
    idmap alloc backend = tdb
    idmap alloc config:range = 300000000 - 310000000
    winbind nss info = rfc2307
    winbind use default domain = yes
    winbind offline logon = yes
    winbind refresh tickets = yes
    winbind normalize names = yes
    encrypt passwords = true
    dns proxy = no
    log file = /var/log/samba/log.%m
    panic action = /usr/share/samba/panic-action %d
    obey pam restrictions = yes
    guest account = nobody
    invalid users = root
    unix charset = "UTF8"
    name resolve order = lmhosts host wins bcast

This is on Ubuntu gutsy using a compilation from the ibex packaging.
Obnox, I think you are already working on a fix for that one, right?
Right, I am working on a fix for this.
Fixes have gone into the v3-2-test, v3-3-test and master branches. Will go into one of the next bugfix releases. Domain prefix is now consistently added or not added according to winbindd use default domain. Please reopen if bug persists.
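
Added example, not part of the original report or of the Samba fix: a check for the mismatch described in the report, where group member names carry a domain prefix that the passwd names lack, so a group such as wsudoers silently stops applying to the user. The sample data is constructed from the output quoted in the report (the "orc" and "adm" group lines are assumed from the `id jgg` output), and literal name comparison is a simplifying assumption about how consumers match members.

```python
import subprocess

# Constructed sample data modelled on the output quoted in the report;
# the "orc" and "adm" group lines are assumed from the `id jgg` output.
SAMPLE_PASSWD = "jgg:x:2009:1000:Jason Gunthorpe,,,:/home/jgg:/bin/bash\n"
SAMPLE_GROUP = "orc:x:1000:\nadm:x:4:jgg\nwsudoers:x:1002:ORCORP\\jgg\n"


def getent(database):
    """Return live `getent <database>` output (not used by the sample run)."""
    return subprocess.run(["getent", database], capture_output=True,
                          text=True, check=True).stdout


def parse_passwd(text):
    """Map user name -> primary gid."""
    rows = (l.split(":") for l in text.splitlines() if l.count(":") >= 6)
    return {r[0]: int(r[3]) for r in rows}


def parse_group(text):
    """Map group name -> (gid, list of member names)."""
    rows = (l.split(":") for l in text.splitlines() if l.count(":") >= 3)
    return {r[0]: (int(r[2]), [m for m in r[3].split(",") if m]) for r in rows}


def groups_by_exact_name(user, passwd, groups):
    """Groups a consumer sees when it compares member names literally."""
    return sorted(name for name, (gid, members) in groups.items()
                  if gid == passwd[user] or user in members)


def prefixed_members(passwd, groups, separator="\\"):
    """Find members listed as DOMAIN<sep>user while passwd only has 'user'."""
    findings = []
    for name, (_gid, members) in groups.items():
        for member in members:
            bare = member.rsplit(separator, 1)[-1]
            if member not in passwd and bare != member and bare in passwd:
                findings.append((name, member, bare))
    return findings


if __name__ == "__main__":
    passwd, groups = parse_passwd(SAMPLE_PASSWD), parse_group(SAMPLE_GROUP)
    # On a live host: parse_passwd(getent("passwd")), parse_group(getent("group"))
    print("exact-match groups for jgg:", groups_by_exact_name("jgg", passwd, groups))
    for group, member, bare in prefixed_members(passwd, groups):
        print(f"{group}: member {member!r} does not match passwd name {bare!r}")
```

On the sample data the exact-match group list for jgg omits wsudoers, and the check reports the ORCORP\jgg entry as the cause. If "winbind separator" is set to something other than the backslash, pass that character as `separator`.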