Heiner Lesaar
2018-Mar-11 15:48 UTC
[Samba] wbinfo -i output different before 1st authentication
Dear all, on CentOs7 based linux w. different versions of Samba (4.6.x from CentOS repos, but also Sernet-Samba-4.7.4 and also compiled from source), "wbinfo -i user at domain.tld" returns different results before the first successful authentication of the user. Server joined as member to Active Directory, idmapping via tdb2. On first attempt, the result returns "DOMAIN-REALM+Username", but after 1st login it switches to "NTDOMAIN+Username" (which is also the correct output). The tdb files also show the "wrong" info until the login is done (according to tdbdump comparison). It does not matter if the login happens on a client or like in my example "locally" via smbclient. See command output examples: ######### 1st execution after user creation in AD: # $ wbinfo -i newuser at test.intern # TEST.INTERN+newuser:*:16777239:16777216::/home/TEST. INTERN/newuser:/bin/false Authentication (e.g. here via smbclient): # $ smbclient \\\\127.0.0.1\\sharename -U newuser at test.intern Execution after 1st login: # $ wbinfo -i newuser at test.intern # TEST+newuser:*:16777239:16777216::/home/TEST/newuser:/bin/false ######### We use the command output to create database entries in a in-house developed database / application to centrally manage client logins from various operating systems. My questions are: 1) Is this expected behaviour or is it influenced by some smb.conf or krb5.conf option that we are not aware of? 2) Is there a way to query the domain "prefix" of a user which will not change depending on the fact if the user has ever tried to login to the server or not? Does it maybe depend on some command line option? FYI: getent passwd shows the same behaviour. Thank you very much for your help and assistance! Heiner
Rowland Penny
2018-Mar-11 16:09 UTC
[Samba] wbinfo -i output different before 1st authentication
On Sun, 11 Mar 2018 16:48:53 +0100 Heiner Lesaar via samba <samba at lists.samba.org> wrote:> Dear all, > > on CentOs7 based linux w. different versions of Samba (4.6.x from > CentOS repos, but also Sernet-Samba-4.7.4 and also compiled from > source), "wbinfo -i user at domain.tld" returns different results before > the first successful authentication of the user. > > Server joined as member to Active Directory, idmapping via tdb2. > > On first attempt, the result returns "DOMAIN-REALM+Username", but > after 1st login it switches to "NTDOMAIN+Username" (which is also the > correct output). The tdb files also show the "wrong" info until the > login is done (according to tdbdump comparison). It does not matter > if the login happens on a client or like in my example "locally" via > smbclient. > > > See command output examples: > > ######### > 1st execution after user creation in AD: > > # $ wbinfo -i newuser at test.intern > > # TEST.INTERN+newuser:*:16777239:16777216::/home/TEST. > INTERN/newuser:/bin/false > > Authentication (e.g. here via smbclient): > > # $ smbclient \\\\127.0.0.1\\sharename -U newuser at test.intern > > Execution after 1st login: > > # $ wbinfo -i newuser at test.intern > > # TEST+newuser:*:16777239:16777216::/home/TEST/newuser:/bin/false > > ######### > > We use the command output to create database entries in a in-house > developed database / application to centrally manage client logins > from various operating systems. > > My questions are: > > 1) Is this expected behaviour or is it influenced by some smb.conf or > krb5.conf option that we are not aware of? >That's actually two questions ;-) but the answers are yes and no in that order. See here for more info: https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed Under 'winbind changes' Rowland
Maybe Matching Threads
- wbinfo -i output different before 1st authentication
- Bug: Dovecot index loosing sync with FTS despite "fts_autoindex = yes"
- Bug: Dovecot index loosing sync with FTS despite "fts_autoindex = yes"
- Bizarre permissions problem
- Problem adding new users after upgrade to 3.4.0