samba - Mar 2005 - Samba 2.2 vs. 3: Domain Member & Winbind quick question

I have a Samba 2.2 box set up as a member server in a Windows domain.
Any random Windows domain user can connect and a local Linux system
account is created on the fly, as it should.

I am trying to do the same on another box with Samba 3. However, when I
connect from a Windows domain member, I get prompted for credentials. If I
enter domain\username and my password, I connect and a local Linux
system account is created on the fly, and all is good. But 2.2 doesn't
prompt, and I don't want to be prompted by 3.0!

#/etc/samba/smb.conf
[global]
        workgroup = DOMAIN
        server string = Samba Server
        security = DOMAIN
        passdb backend = tdbsam:/etc/samba/private/passdb.tdb
        log file = /var/log/samba.%m
        max log size = 50
        add user script = /usr/sbin/useradd -g users %u
        dns proxy = No
        wins server = 1.2.3.4, 2.3.4.5
        ldap ssl = no
        idmap uid = 10000-200000
        idmap gid = 10000-200000
        winbind use default domain = Yes
        netbios name = SERVER
        password server = *

#/etc/nsswitch.conf
passwd:         compat winbind
group:          compat winbind
hosts:          files dns
networks:       files
services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files
bootparams:     files
automount:      files
aliases:        files

When Windows makes the initial connection before I get prompted in Windows:
#/var/log/samba.clienthostname
[2005/03/16 11:37:22, 0] auth/auth_util.c:make_server_info_info3(1120)
  make_server_info_info3: pdb_init_sam failed!
useradd: invalid user name 'USERNAME'
useradd: invalid user name 'USERNAME'
useradd: invalid user name 'USERNAME'

After I enter domain\username in Windows prompt:
#/var/log/samba.clienthostname
[2005/03/16 15:27:41, 1] smbd/service.c:make_connection_snum(619)
  clienthostname (1.2.3.4) connect to service sharename initially as
user username (uid=1000, gid=100) (pid 1016)

It almost seems as if the initial connection by Windows is sending the
naked username, without the domain\ in front. Is there a way to tell
Winbind to add domain\ in front of naked usernames or something? As
you can see above I turned on 'winbind use default domain' but
obviously that does not fix the problem.

Help?

Hi,

search the list archives of samba-users for my name, I posted a patch to 
winbindd a couple of years ago that solved this problem for me back then. 

HTH,
Schlomo

On Thu, 17 Mar 2005, Tyler Thueson wrote:
> I have a Samba 2.2 box set up as a member server in a Windows domain.
> Any random Windows domain user can connect and a local Linux system
> account is created on the fly, as it should.
> 
> I am trying to do the same on another box with Samba 3. However, when I
> connect from a Windows domain member, I get prompted for credentials. If I
> enter domain\username and my password, I connect and a local Linux
> system account is created on the fly, and all is good. But 2.2 doesn't
> prompt, and I don't want to be prompted by 3.0!
> 
> #/etc/samba/smb.conf
> [global]
>         workgroup = DOMAIN
>         server string = Samba Server
>         security = DOMAIN
>         passdb backend = tdbsam:/etc/samba/private/passdb.tdb
>         log file = /var/log/samba.%m
>         max log size = 50
>         add user script = /usr/sbin/useradd -g users %u
>         dns proxy = No
>         wins server = 1.2.3.4, 2.3.4.5
>         ldap ssl = no
>         idmap uid = 10000-200000
>         idmap gid = 10000-200000
>         winbind use default domain = Yes
>         netbios name = SERVER
>         password server = *
> 
> #/etc/nsswitch.conf
> passwd:         compat winbind
> group:          compat winbind
> hosts:          files dns
> networks:       files
> services:       files
> protocols:      files
> rpc:            files
> ethers:         files
> netmasks:       files
> netgroup:       files
> bootparams:     files
> automount:      files
> aliases:        files
> 
> When Windows makes the initial connection before I get prompted in Windows:
> #/var/log/samba.clienthostname
> [2005/03/16 11:37:22, 0] auth/auth_util.c:make_server_info_info3(1120)
>   make_server_info_info3: pdb_init_sam failed!
> useradd: invalid user name 'USERNAME'
> useradd: invalid user name 'USERNAME'
> useradd: invalid user name 'USERNAME'
> 
> After I enter domain\username in Windows prompt:
> #/var/log/samba.clienthostname
> [2005/03/16 15:27:41, 1] smbd/service.c:make_connection_snum(619)
>   clienthostname (1.2.3.4) connect to service sharename initially as
> user username (uid=1000, gid=100) (pid 1016)
> 
> It almost seems as if the initial connection by Windows is sending the
> naked username, without the domain\ in front. Is there a way to tell
> Winbind to add domain\ in front of naked usernames or something? As
> you can see above I turned on 'winbind use default domain' but
> obviously that does not fix the problem.
> 
> Help?
> 
> 
-- 
Regards,
Schlomo

> search the list archives of samba-users for my name, I posted a patch to 
> winbindd a couple of years ago that solved this problem for me back then. 
Thank you very much for the reply!!

I found your patch but it worries me that there is such a glaring bug
in winbindd and that it's been there for four years. One of the goals
of the Samba project is to replace Windows servers, but in this case
3.0 fails to do something that 2.2 did -- something I consider basic
functionality. But maybe using Samba as a member server in a Windows
domain is something that not very many people do?

Jerry,

I submitted https://bugzilla.samba.org/show_bug.cgi?id=2546 on this.
Thanks for your help!