[Samba] User Authentication and Username Map
Richard Nelson
unixabg at gmail.com
Sat Nov 22 17:26:48 GMT 2008
On Sat, Nov 22, 2008 at 4:34 AM, Alec Joseph Rivera <eijhei at gmail.com> wrote:
> Hi to all..
>
> I've setup a Samba domain and now having a hard time setting up Unix to
> Windows user mapping. As an example on the server, user is 'agi', and at the
> workstation I want an 'Alec Joseph' as the user name. If I log on from a
> Linux desktop using the alias connection goes through:
>
> # sudo tail -f /usr/local/samba/var/log.smbd | grep 'Alec Joseph'
>
> Got user=[Alec Joseph] domain=[RIVERA-HOME] workstation=[THREEPIO] len1=24
> len2=24
> Mapped user Alec Joseph to agi
> check_ntlm_password: Checking password for unmapped user
> [RIVERA-HOME]\[Alec Joseph]@[THREEPIO] with the new password interface
> check_ntlm_password: sam authentication for user [Alec Joseph] succeeded
> check_ntlm_password: authentication for user [Alec Joseph] -> [agi] ->
> [agi] succeeded
> register_existing_vuid: User name: agi Real name: Alec Joseph
> Rivera,,,
>
> However, on a Windows workstation, I can not log on and getting these on the
> log:
>
> SAM Logon (Interactive). Domain:[RIVERA-HOME]. User:[Alec Joseph at HAN]
> Requested Domain:[RIVERA-HOME]
> check_ntlm_password: Checking password for unmapped user
> [RIVERA-HOME]\[Alec Joseph]@[HAN] with the new password interface
> check_ntlm_password: mapped user is: [RIVERA-HOME]\[Alec Joseph]@[HAN]
> check_sam_security: Couldn't find user 'Alec Joseph' in passdb.
> check_ntlm_password: Authentication for user [Alec Joseph] -> [Alec Joseph]
> FAILED with error NT_STATUS_NO_SUCH_USER
>
> From what I understand, the Windows workstation is forcing a lookup on the
> tdbsamdb backend right? On the manuals I've read that the mapping is done
> after the authentication...
>
> How can I get the same behavior as from a Linux workstation? Also I can see on
> the logs a "Error permission denied" on the username map file, is this in a
> way related?
>
> Thanks...
>
> Ohayou gozaimas,
> Agi
Greetings,
Might be nice to see your smb.conf file, less anything that might be a
security issue.
More information about the samba
mailing list