users.map file
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Wed Apr 4 23:50:35 GMT 2001
Hi Chris,
Well, that might be a problem; you see, the way the usermap file is parsed
is line by line;
so if (for example) you had usera that was a member of unixgroup3 AND
unixgroup4, with the usermap file you mentioned
...
unix3=@unixgroup3
unix4=@unixgroup4
what would happen is that usera would be translated to unix3 (because it's a
member of unixgroup3) and then it would check to see if unix3 was a member
of unixgroup4; (it keeps on going...) if it WAS, then unix3 would be
translated to unix4; then when it tried to check valid users=@unixgroup3, it
would be checking the user unix4....
You can proceed the unix3=@unixgroup3 and unix4=@unixgroup4 with a "!" sign,
to make it STOP
parsing lines in the usermap file at the first match:
!unix3=@unixgroup3
!unix4=@unixgroup4
Can get confusing. Best way to check it out is to set log level=10, and
take a look at the treeconnect&x to see WHAT username is finally being used
to determine access...
Hope this helps,
Don
-----Original Message-----
From: Chris Isbell [mailto:chris.isbell at CopiersNow.com]
Sent: Wednesday, April 04, 2001 4:35 PM
To: 'MCCALL,DON (HP-USA,ex1)'; 'samba at lists.samba.org'
Subject: RE: users.map file
The users and group names are all fictitious, just for example. As for the
groups, there are users that are members of both groups.
-----Original Message-----
From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
Sent: Wednesday, April 04, 2001 1:12 PM
To: 'Chris Isbell'; 'samba at lists.samba.org'
Subject: RE: users.map file
Hi Chris,
Could you give us more info on your group membership?
For instance is the membership list of unixgroup3 and unixgroup4 disjoint
(ie, no users are members of BOTH groups)?
Is the user unix3 ONLY a member of unixgroup3, and user unix4 ONLY a member
of unixgroup4?
And finally, is it possible that your implementation of *nix limits the
length in characters of a group name, so that (for instance, if
the group name limit was 8) unixgroup3 and unixgroup4 both end up looking
like unixgrou (1st 8 characters)?
I am able to manage this setup on HP-UX 11.0, so I think what you are trying
to do SHOULD work.
What I would expect to happen is this:
if usera is a member of unixgroup4, and the user unix4 has an smbpassword of
'unix4', then the following smbclient command should work:
smbclient \\\\servername\\sharename unix4 -U usera
(usera would be mapped to user unix4, since usera is in unixgroup4, so share
access would be allowed since unix4 is a member of
unixgroup4, which is in the valid users = @unixgroup4 list in the share
definition, and the password 'unix4' passed in the smbclient
command matches the user4 smbpasswd database entry...) That's a very
confusing sentence...
But if you give us more info, maybe we can figure out why it's NOT working
for you...
Hope this helps,
Don
-----Original Message-----
From: Chris Isbell [mailto:chris.isbell at CopiersNow.com]
Sent: Wednesday, April 04, 2001 1:13 PM
To: 'samba at lists.samba.org'
Subject: users.map file
In our users.map file we have the following entries:
unix1 = nt1
unix2 = nt2
unix3 = @unixgroup3
unix4 = @unixgroup4
When we create shares on the samba server, we assign the valid users as
@unixgroup3 or @unixgroup4. For whatever reason, if a share has @unixgroup4
as the valid users entry, we cannot connect to it from the nt side. If we
flip-flop the group entries in the users.map file, we can then connect to
that share, but not the share with @unixgroup3. whatever group is first in
the users.map file works, and the groups after that do not.
Does anyone know why this happens? Is this the way the file behaves by
default?
Chris Isbell
Copiersnow.com
6940 S. Holly Circle Suite 105
Englewood, CO 80112
303.694.0515 x129
www.copiersnow.com
chris at copiersnow.com
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list