[Samba] Re: winbind and unix/nt login match use unix uid - resolved

Alexius Ludeman lex at lexinator.com
Tue Mar 2 19:19:02 GMT 2004


> > Hi,
> > I'm on solaris 9, and using winbind to be a part of our NT domain.
> > 
> > I'm trying to determine if it's possible to configure winbind/smb so
> > that when the nt login name matches the unix login name the share is
> > mounted using their unix uid.  With non-matching account names,
> > username map works fine.  It doesn't appear that "johnsmith =
> > johnsmith" works in the username map file.
> > 
> > thanks for any assistance,
> > lex
> 
> Some additional information here...
> 
> I'm running 3.0.2a, this machine also runs nis so the nsswitch.conf is
> passwd: files, nis, winbind.  getent passwd shows the uid in numerical
> order.  I have no names in the smbpasswd file.  I have tried "use
> default domain" which did not have any noticeable effect.
> 
> I am logged into my nt workstation as the user "Lex".  My unix login
> is "aludeman".  I try and mount "\\samba\aludeman".  Now here is the
> part that I wasn't expecting; I've temporarily added aludeman to the
> nt domain and my usermap says "aludeman = Lex".  I get the following
> message.

> [2004/02/27 09:24:43, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password:  authentication for user
>   [Lex] -> [aludeman] -> [DOMAIN+aludeman] succeeded
> 
> in the source code is:
>   user_info->smb_name.str, user_info->internal_username.str, unix_username
> 
> So the behavior that I'm seeing is that it's always taking the NT
> domain precedence over the local passwd.  When DOMAIN+aludeman does
> not exist then things behave like I would like them where HOMEGAIN+Lex
> maps to unix user aludeman uid.
> 
> Any assistance is appreciated.

The above problem lies within winbind being used in nsswitch.conf.
Somehow when winbind is involved in verification smbd will always use
the domain username/uid over the local unix account.  As soon as I
removed it from nsswitch.conf it started working.

The downfall of this is that nt users are unable to log into the
machine.  As my environment does not need this, my solution is
acceptable for me.

Lex
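
The identity mapping in the log line quoted above can be audited mechanically. The following is an added example, not part of the original post and not Samba code: it parses the level-2 check_ntlm_password messages and flags sessions where the username map named a local account but smbd resolved it to the winbind account of the same name. The function name, the `local_users` set, and the second log entry are constructed for illustration.

```python
import re

# "+" is the winbind separator visible in the quoted log line (DOMAIN+aludeman);
# treating it as the separator everywhere is an assumption of this example.
WINBIND_SEPARATOR = "+"

# Matches the level-2 message from check_ntlm_password, whose three bracketed
# fields are smb_name, internal_username and unix_username (per the post).
AUTH_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*\d+\]\s+"
    r"auth/auth\.c:check_ntlm_password\(\d+\)\s+"
    r"check_ntlm_password:\s+authentication for user\s+"
    r"\[(?P<smb_name>[^\]]*)\]\s*->\s*\[(?P<internal>[^\]]*)\]\s*->\s*"
    r"\[(?P<unix>[^\]]*)\]\s+succeeded"
)

# First entry is the one from the post; the second is constructed.
SAMPLE_LOG = """\
[2004/02/27 09:24:43, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user
  [Lex] -> [aludeman] -> [DOMAIN+aludeman] succeeded
[2004/02/27 09:31:10, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [Lex] -> [aludeman] -> [aludeman] succeeded
"""

def audit_auth_log(text, local_users):
    """Return one record per successful auth, flagging shadowed local accounts."""
    records = []
    for m in AUTH_RE.finditer(text):
        unix, internal = m.group("unix"), m.group("internal")
        _domain, sep, account = unix.rpartition(WINBIND_SEPARATOR)
        records.append({
            "time": m.group("ts"),
            "smb_name": m.group("smb_name"),
            "internal_username": internal,
            "unix_username": unix,
            "via_winbind": bool(sep),
            # The username map pointed at a local account, but the session
            # ended up under the winbind (domain) account of the same name.
            "shadowed_local": bool(sep) and internal in local_users
                              and account == internal,
        })
    return records

if __name__ == "__main__":
    for rec in audit_auth_log(SAMPLE_LOG, local_users={"aludeman"}):
        print(rec)
```

In practice `local_users` would be built from the files and NIS passwd sources, so that a flagged record means the share was opened under a different uid than the local account owner's.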


