This is the 'winbind default domain' patch from Alexander Bokovoy

<a.bokovoy@sam-solutions.net>.

The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.

This 'corrects' that - but is not without its own problems.

As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a users's status as a domain or local user.

The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevent.

I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters
to determine a user/groups's 'local' status, rather than the presence of the
seperator.

As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.

(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)

Andrew Bartlett
(This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)

2 files changed, 32 insertions, 1 deletions

diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 9e719e1f2a..7aa9ea3b9c 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -762,6 +762,7 @@
 		<listitem><para><link linkend="WINBINDGID"><parameter>winbind gid</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINBINDSEPARATOR"><parameter>winbind separator</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINBINDUID"><parameter>winbind uid</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINBINDUSEDEFAULTDOMAIN"><parameter>winbind use default domain</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINSHOOK"><parameter>wins hook</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINSPROXY"><parameter>wins proxy</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINSSERVER"><parameter>wins server</parameter></link></para></listitem>
@@ -8195,7 +8196,23 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
 		</varlistentry>
 
 
-
+		<varlistentry>
+		<term>winbind use default domain</term>
+		
+		<varlistentry>
+		<term><anchor id="WINBINDUSEDEFAULTDOMAIN">winbind use default domain</term>
+		<listitem><para>This parameter specifies whether the <ulink url="winbindd.8.html">
+		winbindd(8)</ulink>
+		daemon should operate on users without domain component in their username.  
+                Users without a domain component are treated as is part of the winbindd server's 
+                own domain.  While this does not benifit Windows users, it makes SSH, FTP and e-mail 
+                function in a way much closer to the way they would in a native unix system.</para>
+		
+		<para>Default: <command>winbind use default domain = &lt;falseg&gt; 
+		</command></para>
+		<para>Example: <command>winbind use default domain = true</command></para>
+		</listitem>
+		</varlistentry>
 
 
 		<varlistentry>
diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml
index af851657f3..bd1dafa07e 100644
--- a/docs/docbook/manpages/winbindd.8.sgml
+++ b/docs/docbook/manpages/winbindd.8.sgml
@@ -276,6 +276,20 @@ group:          files winbind
 		<para>Default: <command>template shell = /bin/false </command>
 		</para></listitem>
 		</varlistentry>
+
+		<varlistentry>
+		<term>winbind use default domain</term>
+		<listitem><para>This parameter specifies whether the <command>winbindd</command>
+		daemon should operate on users without domain component in their username.  
+                Users without a domain component are treated as is part of the winbindd server's 
+                own domain.  While this does not benifit Windows users, it makes SSH, FTP and e-mail 
+                function in a way much closer to the way they would in a native unix system.</para>
+		
+		<para>Default: <command>winbind use default domain = &lt;falseg&gt; 
+		</command></para>
+		<para>Example: <command>winbind use default domain = true</command></para>
+		</listitem>
+		</varlistentry>
 	</variablelist>
 </refsect1>