I would like to have winbind map all of my AD users to their full user@REALM form on the Linux domain members. I'd like lookups to be properly canonical. Is this possible? 'getent passwd user' should return:

user@REALM.NET:*:1786588783:1786588745:Mr Man:/home/whatever:/bin/bash

I'm finding my options are to either have the local names be plain, unprefixed, or prefixed, but without the ability to do canonical mappings. It can either be `user` or `DOM\user`. But if it's DOM\user, lookups for 'user' don't work properly.
Jerome Haltom wrote:
> I would like to have winbind map all of my AD users to their full
> user@REALM form on the Linux domain members. I'd like lookups to be
> properly canonical. Is this possible?

No. But I do have a patch pending that does the reverse:

$ getent passwd lee.zard@ad.plainjoe.org
AD\lizard:*:100026:100000:Lee Zard:/home/win/AD/lizard:/bin/bash

cheers, jerry
====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
On Fri, 2007-07-06 at 14:40 -0500, Gerald (Jerry) Carter wrote:
> Jerome Haltom wrote:
> > Would it be much work to add some sort of format string policy to
> > smb.conf to govern this mapping?
> >
> > winbind user name = %U@%D
> > winbind group name = %G@%D
> >
> > This would ideally allow lookups for all of the various
> > possibilities to resolve to the single canonical name.
>
> Yup. It would be a huge amount of work with no benefit
> IMO.

It would also make the code a lot more fragile imo, we have already been bitten by the winbind separator and winbind use default domain to allow madness to slip in again. Not unless it is really really necessary.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra@samba.org
http://samba.org