
Re: [Samba] sendmail getting domain\user as email userId

About a year-and-a-half ago I wrote in a thread having this same subject about a problem my
sendmail server was having on my Samba4 AD/DC. To solve that problem at the time, I maintained
domain user entries in both the sam.ldb and in /etc/passwd, and did not have winbind specified
in /etc/nsswitch.conf. I am now trying to remove all users from /etc/passwd and use winbind.
Unfortunately, I'm running into the same problem. In short:

> getent passwd charmaine
HPRS\charmaine:*:10003:10000:Charmaine Carter:/home/HPRS/charmaine:/bin/bash

other domain member:
$ getent passwd charmaine
charmaine:*:10003:10000:Charmaine Carter:/home/HPRS/charmaine:/bin/bash

The ID being returned, "HPRS\charmaine", apparently confuses sendmail and procmail and causes
the error, "Suspicious rcfile "/home/HPRS/charmaine/.procmailrc", probably due to "The owner of
the rcfile was not the recipient or root" (from procmail manpage).  Note that mail delivery
worked OK when the user was in /etc/passwd. Currently, mail is not getting delivered to the
Maildir as .procmailrc specifies, but rather it is sent to /var/spool/mail/HPRScharmaine, so it
is obviously constructing an mbox name based on the winbind-returned ID.

Regarding this issue, on Thu Jul 21 04:02 Rowland Penny wrote:

> There is another line, which works on a domain member:
>      winbind use default domain = yes
> This (on a domain member) removes the NetBIOS domain name, but it 
> doesn't seem to work on an AD DC.

Various other participants on this thread confirmed that "winbind use default domain = yes" did
not work on the AD/DC. Later (Mon Jul 25 12:05), Rowland referenced a bug report on this issue:


Interestingly, on 2016-07-27 15:42:36 Björn Jacke posted to bugzilla that the issue was solved,
and set the status to RESOLVED FIXED:

  "Samba 4.1 is old and out of support by us. Update to a recent version if you need this to be
  solved. Current Samba versions use a unified winbind with a more unified feature set."

I am currently running version 4.4.16 and it is clearly not solved.

Does anyone have a workaround for this? Later in that same thread (Thu Jul 21 12:30:40 2016)
Mike E. suggested trying sssd, which was solving the problem for him. My distro (Slackware)
does not have an sssd package, though I'll continue researching that. Otherwise, barring some
other solution, I'll have to put my users back in /etc/passwd! 

Thanks for your help -- Mark
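
Added example (not part of Mark's message and not Samba or procmail code): a small check that compares the name asked for with the name NSS hands back, using the two getent lines quoted in the post. The function names are hypothetical, and the UID comparison only illustrates that the account's UID is the same on both hosts while the name differs; it is not procmail's actual ownership test.

```python
import os
import subprocess
import sys
from typing import NamedTuple, Optional

# The two getent lines quoted in the post (AD DC first, then the domain member).
DC_LINE = "HPRS\\charmaine:*:10003:10000:Charmaine Carter:/home/HPRS/charmaine:/bin/bash"
MEMBER_LINE = "charmaine:*:10003:10000:Charmaine Carter:/home/HPRS/charmaine:/bin/bash"


class Entry(NamedTuple):
    name: str
    uid: int
    home: str


def parse_passwd_line(line: str) -> Entry:
    # passwd(5) layout: name:passwd:uid:gid:gecos:home:shell
    name, _pw, uid, _gid, _gecos, home, _shell = line.rstrip("\n").split(":", 6)
    return Entry(name, int(uid), home)


def check_lookup(queried: str, line: str, rcfile_owner_uid: Optional[int] = None) -> dict:
    """Report whether the returned login name round-trips to the queried one."""
    entry = parse_passwd_line(line)
    # Split off a NetBIOS domain prefix ("HPRS\") if winbind added one.
    domain, sep, short = entry.name.rpartition("\\")
    return {
        "returned": entry.name,
        "domain": domain if sep else None,
        "name_matches": entry.name == queried,
        "short_name_matches": short == queried,
        "owner_uid_matches": None if rcfile_owner_uid is None
        else rcfile_owner_uid == entry.uid,
    }


if __name__ == "__main__":
    # Live use on the host being diagnosed: python3 check.py <user>
    user = sys.argv[1]
    out = subprocess.run(["getent", "passwd", user],
                         capture_output=True, text=True, check=True).stdout
    rc = os.path.join(parse_passwd_line(out).home, ".procmailrc")
    owner = os.stat(rc).st_uid if os.path.exists(rc) else None
    print(check_lookup(user, out, owner))
```

A result with name_matches false and owner_uid_matches true means the UID mapping is consistent and only the returned name carries the domain prefix.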
