[Samba] Question on use of a username map file and security=domain interactions ?

Ken Stone ken at sdd.hp.com
Thu Jul 17 22:51:55 GMT 2003


Thanks Don ... I figured out how to use the ! in the map file last night to 
fix it !!

Map file of 

!jsmith=smith
!smith=wsmith

or 

!smith=wsmith
!jsmith=smith

Works MUCH better :-)

  -- Ken


> Hi ken,
> issue is that mapping continues to happen, so what you see is the following:
>  
> ntusername wsmith gets mapped to unix 'smith';
> now the smith username is used to continue parsing thru the user map file, and 
> matches smith on the right side, so he gets finally mapped to jsmith on the left.
> In other words, we parse thru the entire map file, and continue mapping until there
> are no more right side matches...
>  
> So for your issue, for instance, if you reversed the names in your mapfile:
> jsmith=smith
> smith=wsmith
> I think you would be ok.
> he would come in as nt user smith, get mapped to jsmith, and jsmith doesn't have another rightside match.
>  
> Hope this helps,
> Don
> 
> Ken Stone <ken at sdd.hp.com> wrote:
> 
> Hi ....
> 
> I'm looking for thoughts/experiences when the following conditions are met ...
> 
> I have 2 users .... say Sam Smith and Jeff Smith
> 
> On UNIX (on the samba server) their logins are
> 
> Walt Smith = "smith"
> Jeff Smith = "jsmith
> 
> On the NT DOMAIN side, their logins are
> 
> Walt Smith = "wsmith"
> Jeff Smith = "smith"
> 
> In my smb.config file, I have
> 
> security = domain [ and all the stuff that goes with it]
> username map = /samba/lib/name-maps
> 
> And in name-maps, I have
> 
> smith = wsmith
> jsmith = smith
> 
> Note the re-use of the word "smith" on both sides ....
> 
> And the issue is that when Walt Smith mounts \\samba\wsmith from his pc, he
> actually gets Jeff Smith's home directory and has the permissions as though
> he was Jeff Smith on UNIX .... not good .... And if he mounts \\samba\smith
> then he gets his home directory but has the permissions as though he was
> Jeff Smith on UNIX ... still bad ... It almost seems as though the name 
> mapping is occuring recursively somehow ?
> 
> The server in question is an old 2.0.6-pre1 version but I also have a 2.2.9pre1
> server that shows issues along the same thing but behaves a bit differently.
> 
> Please reply to me directly so I don't miss it in all the noise !!
> 
> Thanks
> 
> -- Ken
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
> 
> 
> ---------------------------------
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> --0-312663638-1058460559=:18090
> Content-Type: text/html; charset=us-ascii
> 
> <DIV>Hi ken,</DIV>
> <DIV>issue is that mapping continues to happen, so what you see is the following:</DIV>
> <DIV>&nbsp;</DIV>
> <DIV>ntusername wsmith gets mapped to unix 'smith';</DIV>
> <DIV>now the smith username is used to continue parsing thru the user map file, and </DIV>
> <DIV>matches smith on the right side, so he gets finally mapped to jsmith on the left.</DIV>
> <DIV>In other words, we parse thru the entire map file, and continue mapping until there</DIV>
> <DIV>are no more right side matches...</DIV>
> <DIV>&nbsp;</DIV>
> <DIV>So for your issue, for instance, if you reversed the names in your mapfile:</DIV>
> <DIV>jsmith=smith</DIV>
> <DIV>smith=wsmith</DIV>
> <DIV>I think you would be ok.</DIV>
> <DIV>he would come in as nt user smith, get mapped to jsmith, and jsmith doesn't have another rightside match.</DIV>
> <DIV>&nbsp;</DIV>
> <DIV>Hope this helps,</DIV>
> <DIV>Don<BR><BR><B><I>Ken Stone &lt;ken at sdd.hp.com&gt;</I></B> wrote:</DIV>
> <DIV>
> <BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid; WIDTH: 100%"><BR>Hi ....<BR><BR>I'm looking for thoughts/experiences when the following conditions are met ...<BR><BR>I have 2 users .... say Sam Smith and Jeff Smith<BR><BR>On UNIX (on the samba server) their logins are<BR><BR>Walt Smith = "smith"<BR>Jeff Smith = "jsmith<BR><BR>On the NT DOMAIN side, their logins are<BR><BR>Walt Smith = "wsmith"<BR>Jeff Smith = "smith"<BR><BR>In my smb.config file, I have<BR><BR>security = domain [ and all the stuff that goes with it]<BR>username map = /samba/lib/name-maps<BR><BR>And in name-maps, I have<BR><BR>smith = wsmith<BR>jsmith = smith<BR><BR>Note the re-use of the word "smith" on both sides ....<BR><BR>And the issue is that when Walt Smith mounts \\samba\wsmith from his pc, he<BR>actually gets Jeff Smith's home directory and has the permissions as though<BR>he was Jeff Smith on UNIX .... not good .... And if he mounts \\samba\smith<BR>then he !
 ge!
>  ts his
>  home directory but has the permissions as though he was<BR>Jeff Smith on UNIX ... still bad ... It almost seems as though the name <BR>mapping is occuring recursively somehow ?<BR><BR>The server in question is an old 2.0.6-pre1 version but I also have a 2.2.9pre1<BR>server that shows issues along the same thing but behaves a bit differently.<BR><BR>Please reply to me directly so I don't miss it in all the noise !!<BR><BR>Thanks<BR><BR>-- Ken<BR>-- <BR>To unsubscribe from this list go to the following URL and read the<BR>instructions: http://lists.samba.org/mailman/listinfo/samba</BLOCKQUOTE></DIV><p><hr SIZE=1>
> Do you Yahoo!?<br>
> <a href="http://pa.yahoo.com/*http://rd.yahoo.com/evt=1207/*http://promo.yahoo.com/sbc/">SBC Yahoo! DSL</a> - Now only $29.95 per month!
> --0-312663638-1058460559=:18090--



More information about the samba mailing list