[Samba] Retry: Mapping AD domain users to UNIX users
Hansjörg Maurer
Hansjoerg.Maurer at dlr.de
Wed Jan 23 13:19:34 GMT 2008
Hi
with recent (< =3.0.26 I think) samba Versions it is possible to use
http://us3.samba.org/samba/docs/man/manpages-3/idmap_nss.8.html
idmap domains = DOMNAME
idmap config DOMNAME:backend = nss
idmap config DOMNAME:readonly = yes
in our case.
We are running 3.0.28 in security = ADS,
and Linux gets the same usernames from NIS vis nss.
They are correctly mapped , and zhe windows security dialog shows
DOMNAME\username
Regards
Hansjörg
Nigel.Pain at scotland.gsi.gov.uk wrote:
> Further information:
>
> Someone suggested that the problem might be because of the AD user names
> being uppercase, which could be resolved with a usermap file. There are
> some AD user IDs that are uppercase (whereas all the UNIX ones are
> lowercase). However, I thought that the automatic mapping took care of
> that? Also, I wanted to avoid having an explicit usermap file as that's
> one extra thing to manage. Maybe I'm expecting too much of Samba?
>
> I tried configuring for a usermap file and adding an account mapping
> into it. However, the security properties on the Windows side still
> display the account in the form:
>
> u123456 (Unix User\u123456)
>
> Regards,
> Nigel
>
> ----------------------------------------
> Nigel Pain
> The Scottish Government
> Corporate Systems Support
> Information Systems and Information Services (ISIS)
> Victoria Quay
> EDINBURGH
> EH6 6QQ
> UK
>
>
> ********************************************************
>
> This e-mail (and any files or other attachments transmitted with it) is intended solely for the attention of the addressee(s). Unauthorised use, disclosure, storage, copying or distribution of any part of this e-mail is not permitted. If you are not the intended recipient please destroy the email, remove any copies from your system and inform the sender immediately by return.
>
>
>
> Communications with the Scottish Government may be monitored or recorded in order to secure the effective operation of the system and for other lawful purposes. The views or opinions contained within this e-mail may not necessarily reflect those of the Scottish Government.
>
> ********************************************************
>
>
> The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless in partnership with MessageLabs. (CCTM Certificate Number 2007/11/0032.) On leaving the GSi this email was certified virus free.
> Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
>
--
_________________________________________________________________
Deutsches Zentrum fuer Luft- und Raumfahrt e.V.
in der Helmholtz-Gemeinschaft
Institut fuer Robotik und Mechatronik
Dr. Hansjörg Maurer
LAN- und Systemmanager
Münchner Strasse 20
82234 Wessling
Germany
Telefon: 08153/28-2431
Telefax: 08153/28-1134
E-Mail: Hansjoerg.Maurer at dlr.de
Internet: http://www.robotic.dlr.de/
__________________________________________________________________
There are 10 types of people in this world,
those who understand binary and those who don't.
More information about the samba
mailing list