I'm trying to join my FC6 box to our Active Directory domain. For the most
part the setup was pretty straightforward, but it just doesn't seem like
winbind separator is being honored.
When I do a 'getent passwd' I get the following:
AVWORLD\johnXXXX:*:16782801:16777216:XXXXXXXX:/home/AVWORLD/johnXXXX:/bin/bash
AVWORLD\liliXXXX:*:16782802:16777216:XXXXXXXXXXX:/home/AVWORLD/liliXXXX:/bin/bash
AVWORLD\juliXXXX:*:16782803:16777216:XXXXXXXX:/home/AVWORLD/juliXXXX:/bin/bash
AVWORLD\yuanXXXX:*:16782804:16777216:XXXXXXXX:/home/AVWORLD/yuanXXXX:/bin/bash
AVWORLD\annaXXXX:*:16782805:16777216:XXXXXXXX:/home/AVWORLD/annaXXXX:/bin/bash
(The X's have been added to protect the innoccent :-)
However:
# testparm -sv | grep 'winbind separator'
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
winbind separator = \
As you can see, my winbind separator is set to \. No, I do not have nscd
running either, so no funky results are being cached. nsswitch.conf has
"files winbind" for passwd, shadow and group. winbindd is running
correctly
(as far as I can tell).
Here is my smb.conf file:
[global]
# General options
workgroup = AVWORLD
netbios name = LEORAY-FEDORA
realm = XXXX.COM
password server = cricket.XXXX.XXX
security = ADS
encrypt passwords = yes
preferred master = no
#winbind separator = +
printcap name = cups
printing = cups
# winbind options
idmap uid = 10000-9999999999
idmap gid = 10000-9999999999
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
(winbind separator is commented so that the default of \ is used).
I have been able to do a kinit username@DOMAIN.COM and then a net ads join
with no errors. klist shows my Kerberos ticket.
If I run a 'finger username' nothing is returned -- but if I run a
'finger
AVWORLD\\username' the entry _is_ returned.
Why isn't winbind making use of my winbind separator?
Oh yes, this is part of Samba 3.0.23c-2 (part of Fedora Core 6).
Thanks in advance!
Ray
Ray, Your winbind is using the winbind separator. If you want that your username appears as johnXXXX instead AVWORLD\johnXXX set 'winbind use default domain' to No. On 11/6/06, Ray Van Dolson <rvandolson@esri.com> wrote:> I'm trying to join my FC6 box to our Active Directory domain. For the most > part the setup was pretty straightforward, but it just doesn't seem like > winbind separator is being honored. > > When I do a 'getent passwd' I get the following: > > AVWORLD\johnXXXX:*:16782801:16777216:XXXXXXXX:/home/AVWORLD/johnXXXX:/bin/bash > AVWORLD\liliXXXX:*:16782802:16777216:XXXXXXXXXXX:/home/AVWORLD/liliXXXX:/bin/bash > AVWORLD\juliXXXX:*:16782803:16777216:XXXXXXXX:/home/AVWORLD/juliXXXX:/bin/bash > AVWORLD\yuanXXXX:*:16782804:16777216:XXXXXXXX:/home/AVWORLD/yuanXXXX:/bin/bash > AVWORLD\annaXXXX:*:16782805:16777216:XXXXXXXX:/home/AVWORLD/annaXXXX:/bin/bash > > (The X's have been added to protect the innoccent :-) > > However: > > # testparm -sv | grep 'winbind separator' > Load smb config files from /etc/samba/smb.conf > Loaded services file OK. > Server role: ROLE_DOMAIN_MEMBER > winbind separator = \ > > As you can see, my winbind separator is set to \. No, I do not have nscd > running either, so no funky results are being cached. nsswitch.conf has > "files winbind" for passwd, shadow and group. winbindd is running correctly > (as far as I can tell). > > Here is my smb.conf file: > > [global] > # General options > workgroup = AVWORLD > netbios name = LEORAY-FEDORA > realm = XXXX.COM > password server = cricket.XXXX.XXX > security = ADS > encrypt passwords = yes > > preferred master = no > #winbind separator = + > printcap name = cups > printing = cups > > # winbind options > idmap uid = 10000-9999999999 > idmap gid = 10000-9999999999 > winbind enum users = yes > winbind enum groups = yes > template homedir = /home/%D/%U > template shell = /bin/bash > > (winbind separator is commented so that the default of \ is used). > > I have been able to do a kinit username@DOMAIN.COM and then a net ads join > with no errors. klist shows my Kerberos ticket. > > If I run a 'finger username' nothing is returned -- but if I run a 'finger > AVWORLD\\username' the entry _is_ returned. > > Why isn't winbind making use of my winbind separator? > > Oh yes, this is part of Samba 3.0.23c-2 (part of Fedora Core 6). > > Thanks in advance! > Ray > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >-- *** Cleber P. de Souza
>> If I run a 'finger username' nothing is returned -- but if I run a'finger>> AVWORLD\\username' the entry _is_ returned.I needed this to get around fully qualified user accounts on FC5 3.0.23c: winbind use default domain = yes Roland; -----Original Message----- From: samba-bounces+rolandhordos=tundraeng.com@lists.samba.org [mailto:samba-bounces+rolandhordos=tundraeng.com@lists.samba.org]On Behalf Of Ray Van Dolson Sent: Monday, November 06, 2006 9:32 AM To: samba@lists.samba.org Subject: [Samba] FC6 and winbind separator ignored? I'm trying to join my FC6 box to our Active Directory domain. For the most part the setup was pretty straightforward, but it just doesn't seem like winbind separator is being honored. When I do a 'getent passwd' I get the following: AVWORLD\johnXXXX:*:16782801:16777216:XXXXXXXX:/home/AVWORLD/johnXXXX:/bi n/bash AVWORLD\liliXXXX:*:16782802:16777216:XXXXXXXXXXX:/home/AVWORLD/liliXXXX: /bin/bash AVWORLD\juliXXXX:*:16782803:16777216:XXXXXXXX:/home/AVWORLD/juliXXXX:/bi n/bash AVWORLD\yuanXXXX:*:16782804:16777216:XXXXXXXX:/home/AVWORLD/yuanXXXX:/bi n/bash AVWORLD\annaXXXX:*:16782805:16777216:XXXXXXXX:/home/AVWORLD/annaXXXX:/bi n/bash (The X's have been added to protect the innoccent :-) However: # testparm -sv | grep 'winbind separator' Load smb config files from /etc/samba/smb.conf Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER winbind separator = \ As you can see, my winbind separator is set to \. No, I do not have nscd running either, so no funky results are being cached. nsswitch.conf has "files winbind" for passwd, shadow and group. winbindd is running correctly (as far as I can tell). Here is my smb.conf file: [global] # General options workgroup = AVWORLD netbios name = LEORAY-FEDORA realm = XXXX.COM password server = cricket.XXXX.XXX security = ADS encrypt passwords = yes preferred master = no #winbind separator = + printcap name = cups printing = cups # winbind options idmap uid = 10000-9999999999 idmap gid = 10000-9999999999 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash (winbind separator is commented so that the default of \ is used). I have been able to do a kinit username@DOMAIN.COM and then a net ads join with no errors. klist shows my Kerberos ticket. If I run a 'finger username' nothing is returned -- but if I run a 'finger AVWORLD\\username' the entry _is_ returned. Why isn't winbind making use of my winbind separator? Oh yes, this is part of Samba 3.0.23c-2 (part of Fedora Core 6). Thanks in advance! Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba