Linda Walsh
2011-Aug-01 11:49 UTC
[Samba] Why isn't "<Domain>\<User>' = to <User> on PDC? Isn't it supposed to be?
When I access my PDC, via a unix service, from a Domain client with a domain login, the PDC attempts to validate <Domain>\<User> against the the authentication DB, but on a mounted file system, a user on the PDC = '<domain>\<user>' ... (which is what I thought it should be). But if I use 'ssh <Pdc>', it authenticates as user 'Domain\User' Now I hacked around this for myself, by adding an entry to the /etc/passwd that dups my PDC usr, except prefixes it with the Domain name. in /etc/passwd: linda:x:1001:201:linda at localhost:/home/me:/bin/bash Domain\linda:x:1001:201:linda at Domain:/home/me:/bin/bash --- But that just seems 'wrong'.... Shouldn't pam_winbind, in the pam stack be 'Domain' & PDC aware? Or would that just be an RFE?? How do others deal with the above issues? Or is something 'handling' them (i.e. doing the mapping?) ---- Note, that "wbinfo -u" and "wbinfo --domain=DOMAIN -u" return identical lists. so why isn't pam_winbind treating DOMAIN\USER as USER?
Maybe Matching Threads
- wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
- flac -- exhaustive model search vs. -A <*>?
- pam_winbind([sshd|su|...]:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
- Anyone try 'ssh server" and get "Password for DOMAIN\USER:>>"
- PDC forgot it was part of domain... "official" (ha!) samba hack around to fix...