Heiner Lesaar
2018-Mar-14 12:05 UTC
[Samba] wbinfo -i output different before 1st authentication
Thank you very much, Rowland! Very helpful. But do you say that the change in the output of „wbinfo -i“ is expected after the user has logged in? Should the use of „domain.realm“ vs „NTDOMAIN“ not be consistent, no matter if the user has logged in or not? Many regards, Heiner Von meinem iPhone gesendet> Am 11.03.2018 um 16:09 schrieb Rowland Penny <rpenny at samba.org>: > > On Sun, 11 Mar 2018 16:48:53 +0100 > Heiner Lesaar via samba <samba at lists.samba.org> wrote: > >> Dear all, >> >> on CentOs7 based linux w. different versions of Samba (4.6.x from >> CentOS repos, but also Sernet-Samba-4.7.4 and also compiled from >> source), "wbinfo -i user at domain.tld" returns different results before >> the first successful authentication of the user. >> >> Server joined as member to Active Directory, idmapping via tdb2. >> >> On first attempt, the result returns "DOMAIN-REALM+Username", but >> after 1st login it switches to "NTDOMAIN+Username" (which is also the >> correct output). The tdb files also show the "wrong" info until the >> login is done (according to tdbdump comparison). It does not matter >> if the login happens on a client or like in my example "locally" via >> smbclient. >> >> >> See command output examples: >> >> ######### >> 1st execution after user creation in AD: >> >> # $ wbinfo -i newuser at test.intern >> >> # TEST.INTERN+newuser:*:16777239:16777216::/home/TEST. >> INTERN/newuser:/bin/false >> >> Authentication (e.g. here via smbclient): >> >> # $ smbclient \\\\127.0.0.1\\sharename -U newuser at test.intern >> >> Execution after 1st login: >> >> # $ wbinfo -i newuser at test.intern >> >> # TEST+newuser:*:16777239:16777216::/home/TEST/newuser:/bin/false >> >> ######### >> >> We use the command output to create database entries in a in-house >> developed database / application to centrally manage client logins >> from various operating systems. >> >> My questions are: >> >> 1) Is this expected behaviour or is it influenced by some smb.conf or >> krb5.conf option that we are not aware of? >> > > That's actually two questions ;-) but the answers are yes and no in > that order. > > See here for more info: > > https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed > > Under 'winbind changes' > > Rowland > > > >
Seemingly Similar Threads
- wbinfo -i output different before 1st authentication
- FW: Domain member seems to work, wbinfo -u not (update4)
- Bug: Dovecot index loosing sync with FTS despite "fts_autoindex = yes"
- Bug: Dovecot index loosing sync with FTS despite "fts_autoindex = yes"
- Bug: Dovecot index loosing sync with FTS despite "fts_autoindex = yes"