samba 3.0.1rc- secutity=ads - Problem with username map

Gerald (Jerry) Carter jerry at samba.org
Thu Oct 30 17:51:44 GMT 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hansjoerg Maurer wrote:
| Hi,
|
| I have successfully joined a samba 3.0.1rc server with security=ads to a
| W2k AD-Server.
| Connecting to a share works fine.
| Our testuser has in AD a differnt username than on Unix (NIS)
| Therefore we use a username map.
|  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
| [2003/10/30 08:34:38, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286)
|  Got user=[maurerh] domain=[DLR] workstation=[ADRMPC042] len1=24 len2=24
|
| When I try to connect to the computer
| with the MS Snap-In "Admin-Computer" (Computer verwalten in german)
| access is denied and samba logs the following:
|
| NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
| [2003/10/29 16:34:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(385)
|  Got OID 1 2 840 48018 1 2 2
| [2003/10/29 16:34:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(385)
|  Got OID 1 2 840 113554 1 2 2
| [2003/10/29 16:34:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(385)
|  Got OID 1 3 6 1 4 1 311 2 2 10
| [2003/10/29 16:34:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(388)
|  Got secblob of size 1270
| [2003/10/29 16:34:42, 3] smbd/sesssetup.c:reply_spnego_kerberos(178)
|  Ticket name is [maurerh at INTRA.DLR.DE]
| [2003/10/29 16:34:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(218)
|  Username maurerh is invalid on this system
| [2003/10/29 16:34:42, 3] smbd/error.c:error_packet(94)
|
|
| If I create the local user maurerh on the linux machine
| it works and i can connect.

Please file a bug for me.  Thanks.




cheers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "You can never go home again, Oatman, but I guess you can shop there."
~                            --John Cusack - "Grosse Point Blank" (1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/oU+wIR7qMdg1EfYRAkqFAKCvLlvPOJmMQB0itEzYkOwKp8+DvQCgiRHu
pi18ApGkXGDJ1js3AfzqyFs=
=+W3n
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list