> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland penny via samba > Verzonden: vrijdag 5 juli 2019 15:44 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] smb.conf realm parameter > > On 05/07/2019 14:31, L.P.H. van Belle via samba wrote: > > Rowland, > > > > Do you know is samba is changing the smb value here to > uppercase in the background. > > ( see: > https://web.mit.edu/kerberos/krb5-1.12/doc/admin/realm_config.html ) > > > > Because if not, i really suggest we follow the > recommendations here, (uppercase REALM) > > a mismatch in realm due to upper/lower case is really hard to find.. > > > > Just saying.. > > > > > Yes and worth saying, but I never gave it much thought before, so I > changed my realm line to: > > ??? realm = samdom.example.com > > testparm produced this amongst the output: > > ??? realm = SAMDOM.EXAMPLE.COM > > So it looks like Samba does uppercase the realm, but > interestingly (and > I have noticed this before) the 'idmap config' lines: > > ??? idmap config SAMDOM > > Become: > > ??? idmap config samdom > > Rowland > >Ah, you found a "mini" bug then. ;-) SAMDOM is the WORKGROUP name, which should also be in CAPS. As shown in the naming conventions of MS link. Greetz, Louis
On 05/07/2019 14:56, L.P.H. van Belle via samba wrote:>> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Rowland penny via samba >> Verzonden: vrijdag 5 juli 2019 15:44 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] smb.conf realm parameter >> >> On 05/07/2019 14:31, L.P.H. van Belle via samba wrote: >>> Rowland, >>> >>> Do you know is samba is changing the smb value here to >> uppercase in the background. >>> ( see: >> https://web.mit.edu/kerberos/krb5-1.12/doc/admin/realm_config.html ) >>> Because if not, i really suggest we follow the >> recommendations here, (uppercase REALM) >>> a mismatch in realm due to upper/lower case is really hard to find.. >>> >>> Just saying.. >>> >>> >> Yes and worth saying, but I never gave it much thought before, so I >> changed my realm line to: >> >> ??? realm = samdom.example.com >> >> testparm produced this amongst the output: >> >> ??? realm = SAMDOM.EXAMPLE.COM >> >> So it looks like Samba does uppercase the realm, but >> interestingly (and >> I have noticed this before) the 'idmap config' lines: >> >> ??? idmap config SAMDOM >> >> Become: >> >> ??? idmap config samdom >> >> Rowland >> >> > Ah, you found a "mini" bug then. ;-) > > SAMDOM is the WORKGROUP name, which should also be in CAPS. > As shown in the naming conventions of MS link. > > > Greetz, > > Louis > >Then it is a very long lived bug ;-) For as long as I have used Samba, testparm has done this and has also always worked correctly. Rowland
> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland penny via samba > Verzonden: vrijdag 5 juli 2019 16:09 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] smb.conf realm parameter > > On 05/07/2019 14:56, L.P.H. van Belle via samba wrote: > >> -----Oorspronkelijk bericht----- > >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens > >> Rowland penny via samba > >> Verzonden: vrijdag 5 juli 2019 15:44 > >> Aan: samba at lists.samba.org > >> Onderwerp: Re: [Samba] smb.conf realm parameter > >> > >> On 05/07/2019 14:31, L.P.H. van Belle via samba wrote: > >>> Rowland, > >>> > >>> Do you know is samba is changing the smb value here to > >> uppercase in the background. > >>> ( see: > >> > https://web.mit.edu/kerberos/krb5-1.12/doc/admin/realm_config.html ) > >>> Because if not, i really suggest we follow the > >> recommendations here, (uppercase REALM) > >>> a mismatch in realm due to upper/lower case is really > hard to find.. > >>> > >>> Just saying.. > >>> > >>> > >> Yes and worth saying, but I never gave it much thought before, so I > >> changed my realm line to: > >> > >> ??? realm = samdom.example.com > >> > >> testparm produced this amongst the output: > >> > >> ??? realm = SAMDOM.EXAMPLE.COM > >> > >> So it looks like Samba does uppercase the realm, but > >> interestingly (and > >> I have noticed this before) the 'idmap config' lines: > >> > >> ??? idmap config SAMDOM > >> > >> Become: > >> > >> ??? idmap config samdom > >> > >> Rowland > >> > >> > > Ah, you found a "mini" bug then. ;-) > > > > SAMDOM is the WORKGROUP name, which should also be in CAPS. > > As shown in the naming conventions of MS link. > > > > > > Greetz, > > > > Louis > > > > > Then it is a very long lived bug ;-) > > For as long as I have used Samba, testparm has done this and has also > always worked correctly. > > Rowland >Ow, i expect that there are more of these "mini" bug that are long there. Im just mentioning it because since everything is tightend up ( security wise ) so if you setup (more) correctly, then these small things are the way to avoid possible problems. That said and that things "always" worked correctly "for you", might result differently in a big complex network. Im pro.. "Setup as it should". It makes things more clear to see and helps to reduce chances with problems. Invest more time in the setup and it reduces the needed time in supporting/maintaining it. ;-) Good weekend, i need to finish things here. Greetz, Louis
On 05/07/2019 15:25, L.P.H. van Belle via samba wrote:> > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Rowland penny via samba >> Verzonden: vrijdag 5 juli 2019 16:09 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] smb.conf realm parameter >> >> On 05/07/2019 14:56, L.P.H. van Belle via samba wrote: >>>> -----Oorspronkelijk bericht----- >>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >>>> Rowland penny via samba >>>> Verzonden: vrijdag 5 juli 2019 15:44 >>>> Aan: samba at lists.samba.org >>>> Onderwerp: Re: [Samba] smb.conf realm parameter >>>> >>>> On 05/07/2019 14:31, L.P.H. van Belle via samba wrote: >>>>> Rowland, >>>>> >>>>> Do you know is samba is changing the smb value here to >>>> uppercase in the background. >>>>> ( see: >> https://web.mit.edu/kerberos/krb5-1.12/doc/admin/realm_config.html ) >>>>> Because if not, i really suggest we follow the >>>> recommendations here, (uppercase REALM) >>>>> a mismatch in realm due to upper/lower case is really >> hard to find.. >>>>> Just saying.. >>>>> >>>>> >>>> Yes and worth saying, but I never gave it much thought before, so I >>>> changed my realm line to: >>>> >>>> ??? realm = samdom.example.com >>>> >>>> testparm produced this amongst the output: >>>> >>>> ??? realm = SAMDOM.EXAMPLE.COM >>>> >>>> So it looks like Samba does uppercase the realm, but >>>> interestingly (and >>>> I have noticed this before) the 'idmap config' lines: >>>> >>>> ??? idmap config SAMDOM >>>> >>>> Become: >>>> >>>> ??? idmap config samdom >>>> >>>> Rowland >>>> >>>> >>> Ah, you found a "mini" bug then. ;-) >>> >>> SAMDOM is the WORKGROUP name, which should also be in CAPS. >>> As shown in the naming conventions of MS link. >>> >>> >>> Greetz, >>> >>> Louis >>> >>> >> Then it is a very long lived bug ;-) >> >> For as long as I have used Samba, testparm has done this and has also >> always worked correctly. >> >> Rowland >> > Ow, i expect that there are more of these "mini" bug that are long there. > > Im just mentioning it because since everything is tightend up ( security wise ) so if you setup (more) correctly, > then these small things are the way to avoid possible problems. > > That said and that things "always" worked correctly "for you", > might result differently in a big complex network. > > Im pro.. "Setup as it should". > It makes things more clear to see and helps to reduce chances with problems. > Invest more time in the setup and it reduces the needed time in supporting/maintaining it. > > ;-)I am not saying that we shouldn't tell people 'you don't need to do this or that', I am just saying it like it is. Yes we should stick to best practise, but don't get bogged down on something that isn't likely to cause a problem ;-) It might help if the OP was to tell us why they asked the question in the first place, I feel there is more to this. Rowland