Prev: getent doesnt't list group
Next: [Samba] call_nt_transact_ioctl(0x90060): Currently not implemented
From: Diego Zuccato on 20 Nov 2009 03:50
Diego Zuccato wrote:

Just replying to myself to give some more infos...

> 1) In our organization we have two "primary" domains (a lot of others,
> but they're not interesting here). I tried changing the default
> 'PERSONALE' (where machine is joined) to 'STUDENTI' (most users are in
> this one, but I'm not allowed to join a machine to it) with no luck.
Seems "default domain" gets ignored when security=ads ...

> 2) I can't make users login with their UPN (user.name(a)studio.unibo.it
> for users in STUDENTI domain, user.name(a)unibo.it for users in PERSONALE
> domain)
Just tested again. But it seems even "wbinfo -n user.name(a)unibo.it"
isn't resolved. This seems to be a regression (I now updated to 3.4.3,
but it correctly resolved it in 3.3.8, but even then I couldn't login by
UPN).

> 3) It seems "winbind separator" is incompatible with Kerberos login: if
> I specify it, then all logins fail.
And even this still applies.

Attached are the relevant configuration files (might be useful for
others, for example for the multi-domain consistent id mapping).

--
Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Universit� di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zuccato(a)unibo.it
 | 
Pages: 1
Prev: getent doesnt't list group
Next: [Samba] call_nt_transact_ioctl(0x90060): Currently not implemented