samba - Jun 2015 - winbind on the DC again ... sorry

I just tried to update from samba-4.1-18 to 4.2.2. For my small network, 
I was quite happy with the manner in which 4.1.18 winbind worked on my 
clients and the DC. In order to get around the limitations of winbind on 
the DC I took advantage of the smb.conf parameters:

template homedir = /home/%ACCOUNTNAME%
template shell = /bin/bash

Since I had a single domain this setup works fine for me. On the DC the 
variable %ACCOUNTNAME% would get the username substituted and since the 
template homedir put the user home directory in the same place as the AD 
database everything works. For example on any Linux client or the DC I 
could do:

 > getent passwd user
user:*:3001107:3000513:Joe User:/home/user:/bin/bash

and everything would be correct.

So now I update to 4.2.2 and tried to use the old winbind so I added the 
lines:

server services = -winbindd +winbind

Everything sort of works except that:

 > getent passwd user
user:*:3001107:3000513:Joe User:/home/%ACCOUNTNAME%:/bin/bash

Note that %ACCOUNTNAME% did not get the proper substitution of user.

So I took out the "server services" line and used the winbindd and
still
get:

 > getent passwd user
user:*:3001107:3000513:Joe User:/home/%ACCOUNTNAME%:/bin/bash

So then I removed the "template homedir" and I get:

 > getent passwd user
user:*:3001107:3000513:Joe User:/home/DOMAIN/user:/bin/bash

I worked around the issue on the DC by making links in /home/DOMAIN to 
the user home directories in /home. However it seems to me that the fact 
the variable %ACCOUNTNAME% is not getting substituted is a bug. Did I 
miss some documentation regarding the use of %ACCOUNTNAME%? I am 
guessing many of you don't use the template parameters so maybe this 
isn't such a big deal for you. Nonetheless, I did not expect this 
behavior with the upgrade.

As an aside it is kind of annoying that winbindd still does not work the 
same way on the DC as the client. That would make life so nice for those 
of us with small networks and limited budgets and cannot afford to have 
a separate member file server.

Thanks.

-- 
Paul (ganci at nurdog.com)
(303)257-5208

On 14/06/15 19:14, Paul R. Ganci wrote:
> I just tried to update from samba-4.1-18 to 4.2.2. For my small 
> network, I was quite happy with the manner in which 4.1.18 winbind 
> worked on my clients and the DC. In order to get around the 
> limitations of winbind on the DC I took advantage of the smb.conf 
> parameters:
>
> template homedir = /home/%ACCOUNTNAME%
Try 'template homedir = /home/%U'
> template shell = /bin/bash
>
> Since I had a single domain this setup works fine for me. On the DC 
> the variable %ACCOUNTNAME% would get the username substituted and 
> since the template homedir put the user home directory in the same 
> place as the AD database everything works. For example on any Linux 
> client or the DC I could do:
>
> > getent passwd user
> user:*:3001107:3000513:Joe User:/home/user:/bin/bash
>
> and everything would be correct.
>
> So now I update to 4.2.2 and tried to use the old winbind so I added 
> the lines:
>
> server services = -winbindd +winbind
>
> Everything sort of works except that:
>
> > getent passwd user
> user:*:3001107:3000513:Joe User:/home/%ACCOUNTNAME%:/bin/bash
>
> Note that %ACCOUNTNAME% did not get the proper substitution of user.
>
> So I took out the "server services" line and used the winbindd
and
> still get:
>
> > getent passwd user
> user:*:3001107:3000513:Joe User:/home/%ACCOUNTNAME%:/bin/bash
>
> So then I removed the "template homedir" and I get:
>
> > getent passwd user
> user:*:3001107:3000513:Joe User:/home/DOMAIN/user:/bin/bash
>
> I worked around the issue on the DC by making links in /home/DOMAIN to 
> the user home directories in /home. However it seems to me that the 
> fact the variable %ACCOUNTNAME% is not getting substituted is a bug. 
> Did I miss some documentation regarding the use of %ACCOUNTNAME%? I am 
> guessing many of you don't use the template parameters so maybe this 
> isn't such a big deal for you. Nonetheless, I did not expect this 
> behavior with the upgrade.
Not sure, will have a look and if there isn't anything, I will add it.
> As an aside it is kind of annoying that winbindd still does not work 
> the same way on the DC as the client. That would make life so nice for 
> those of us with small networks and limited budgets and cannot afford 
> to have a separate member file server.
>
I pointed this out whilst 4.2.0 was an rc and was told that patches are 
more than welcome.

Rowland
> Thanks.
>