On Sat, 2012-03-03 at 16:59 +0700, Victor Sudakov wrote:
> Andrew Bartlett wrote:
> > > As written in
> > > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
> > >
> > > "Where winbindd is not used Samba (smbd) uses the underlying
> > > UNIX/Linux mechanisms to resolve the identity of incoming network
> > > traffic. This is done using the LoginID (account name) in the session
> > > setup request and passing it to the getpwnam() system function call.
> > > This call is implemented using the name service switch (NSS) mechanism
> > > on modern UNIX/Linux systems. By saying "users and groups are local,"
> > > we are implying that they are stored only on the local system, in the
> > > /etc/passwd and /etc/group respectively.
> > >
> > > For example, when the user BERYLIUM\WambatW tries to open a connection
> > > to a Samba server the incoming SessionSetupAndX request will make a
> > > system call to look up the user WambatW in the /etc/passwd file."
> > >
> > > My question: if BERYLIUM trusts ANOTHERDOMAIN, and
> > > ANOTHERDOMAIN\WambatW tries to open a connection to my Samba server,
> > > what user will be looked up in /etc/passwd?
> >
> > It should be:
> > ANOTHERDOMAIN\WambatW
>
> A Unix user with a slash in the login name? Sorry I doubt that because
> I have a script in smb.conf:
>
> add user script = /usr/sbin/pw useradd %u -m -Y -M 755
>
> and the script's log shows that those users from trusted domains are
> being created as "WambatW", not "ANOTHERDOMAIN\WambatW".
>
> How/where can I see/debug the actual mapping happening?

When using trusted domains you should run winbindd; relying on add user script is basically not supported/tested for trusted domains.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer <[email protected]>
Principal Software Engineer at Red Hat, Inc. <[email protected]>
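
An added example, not part of the thread and not Samba's code: a check of which Unix account each domain-qualified name reaches through getpwnam(), and whether two different domain identities end up on the same uid, as the add user script log in the thread suggests. The order of candidate forms (qualified name first, then the bare name), the function names and the sample identities are assumptions for illustration.

```python
import pwd
from collections import defaultdict


def nss_lookup(name):
    """Resolve a name through NSS as getpwnam() does; None if unknown."""
    try:
        return pwd.getpwnam(name)
    except KeyError:
        return None


def resolve(identity, lookup=nss_lookup):
    """Return (form, unix_name, uid) for the first candidate form NSS knows.

    Assumption for illustration: try the qualified DOMAIN\\user name first,
    then the bare user name. This is not Samba's documented lookup order.
    """
    domain, _, user = identity.rpartition("\\")
    candidates = [identity, user] if domain else [user]
    for form in candidates:
        entry = lookup(form)
        if entry is not None:
            return form, entry.pw_name, entry.pw_uid
    return None


def find_collisions(identities, lookup=nss_lookup):
    """Group distinct domain identities that resolve to the same Unix uid."""
    by_uid = defaultdict(set)
    for identity in identities:
        hit = resolve(identity, lookup)
        if hit is not None:
            by_uid[hit[2]].add(identity)
    return {uid: sorted(ids) for uid, ids in by_uid.items() if len(ids) > 1}


if __name__ == "__main__":
    # Constructed sample identities, taken from the names used in the thread.
    sample = [r"BERYLIUM\WambatW", r"ANOTHERDOMAIN\WambatW"]
    for ident in sample:
        print(ident, "->", resolve(ident))
    for uid, idents in find_collisions(sample).items():
        print("uid", uid, "is shared by", ", ".join(idents))
```

Run on the file server itself, any uid reported as shared means file ownership and ACL checks cannot tell those domain accounts apart.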
