[Curiosity] Default domain, DC and DM...

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[Curiosity] Default domain, DC and DM...

Samba - General mailing list

In my DC, without setting explicitly a 'winbind default domain', i can
check logins domainless:

        root@vdcsv1:~# id gaio
        uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users) gruppi=10513(LNFFVG\domain users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)

in my DM, no, i've to explicitly set the domain:

        root@vdmsv1:~# id gaio
        id: gaio: no such user
        root@vdmsv1:~# id LNFFVG\\gaio
        uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain users),11001(sir),10999(unixadm),5001(BUILTIN\users),5000(BUILTIN\administrators)


but if i set 'winbind use default domain = yes':

        root@vdmsv1:~# id gaio
        uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain users),11001(sir),10999(unixadm),5001(BUILTIN\users),5000(BUILTIN\administrators)


Why?!

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

                Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
        (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: [Curiosity] Default domain, DC and DM...

Samba - General mailing list
On Fri, 10 Nov 2017 17:32:37 +0100
Marco Gaiarin via samba <[hidden email]> wrote:

>
> In my DC, without setting explicitly a 'winbind default domain', i can
> check logins domainless:
>
> root@vdcsv1:~# id gaio
> uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users)
> gruppi=10513(LNFFVG\domain
> users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain
> admins),3000005(LNFFVG\denied rodc password replication
> group),3000005(LNFFVG\denied rodc password replication
> group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)
>
> in my DM, no, i've to explicitly set the domain:
>
> root@vdmsv1:~# id gaio
> id: gaio: no such user
> root@vdmsv1:~# id LNFFVG\\gaio
> uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain
> users),11001(sir),10999(unixadm),5001(BUILTIN\users),5000(BUILTIN\administrators)
>
>
> but if i set 'winbind use default domain = yes':
>
> root@vdmsv1:~# id gaio
> uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain
> users),11001(sir),10999(unixadm),5001(BUILTIN\users),5000(BUILTIN\administrators)
>
>
> Why?!
>

Because the code on a DC is different from the code on a Unix domain
member ;-)

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba