[samba-winbind] wbinfo -i not showing real name

Latest response

Hello,

I have succesfully joined my RHEL 6.5 server to our 2008 R2 Active Directory using samba-winbind and the authconfig GUI.

The only issue is that when I open a terminal and type:

wbinfo -i DOMAIN\username (of course changing "DOMAIN" and "username" for their real values) (double backslash to represent single backslash as \ is a special escape character)

I obtain this:

[DOMAIN\username@host ~]$ wbinfo -i DOMAIN\username
DOMAIN\username:*:16777216:16777216::/home/DOMAIN/username:/bin/bash

But as you can see, between the second 166777216 and /home there are two :: without the real name between them, as I would expect. As a result, when I log into the system I see DOMAIN\username on the top right corner of the screen, just next to the system clock, instead of the real name.

However, if I log in with another AD account, then the user-switch-applet shows perfectly the real name and I can do wbinfo -i as follows:

[DOMAIN\someotheruser@host ~]$ wbinfo -i DOMAIN\someotheruser
DOMAIN\someotheruser:*:16777218:16777216:Some Other User:/home/DOMAIN/username:/bin/bash

(notice the "Some Other User" string between 16777216 and /home)

The result is the same if I type the wbinfo -i DOMAIN\somotheruser from the username cli:

[DOMAIN\username@host ~]$ wbinfo -i DOMAIN\someotheruser
DOMAIN\someotheruser:*:16777218:16777216:Some Other User:/home/DOMAIN/username:/bin/bash

Please excuse this terminology, I am not allowed to post real domain and names here. Any ideas?? It is not a fatal issue, but it only happens to my AD account and I don't know why it happens. Of course my AD account has the real name correctly written. My AD account was the first one I used once the server was joined to the domain.

It also happened me on a 6.4 fresh install.

Steps to reproduce:

Fresh install of 6.4 or 6.5 RHEL Server
yum install samba-winbind, if not installed during the installation process
Run authconfig GUI: System --> Administration --> Authentication
Config the correct values to use Winbind
Press Join Domain
Reboot
Log with the AD account in the way DOMAIN\username and the AD password.
You probably get the real name working.
Reboot
Log again with the same AD account
You will not get the real name shown anymore.
If you right-click on the top right corner and select "edit personal info" you will see "Unkwnown" as the user's real name.

I also tried getting a Kerberos ticket for the user "username" with:

kinit username@REALM

and obtained a TGT ticket that allowed me to get SSO working instantly, as I tested ssh-ing other AD-Joined-linux server with no password request. But this did not solve the issue.

Could be a ID map issue?

Anyone having the same problem?

As English is not my native language, please excuse typing errors.

Jorge Garcia

ko

Responses