[Samba] ADS valid users can't map share
Greg Adams
gadams at gmail.com
Thu Oct 14 17:03:44 GMT 2004
Yeah, that solved the problem for valid users. Thanks.
However, I now have a different problem. The same kind of logic should
apply to the username map, right? But it doesn't seem to.
smb.conf:
*********************************************************************************************************
[global]
workgroup = EDSADDDM
realm = EDSADDDM.DDM.APM.BPM.EDS.COM
server string = Maul Test Server
log level = 2
max log size = 100
security = ADS
local master = no
os level = 0
domain master = no
preferred master = no
wins server = 199.42.192.103
dns proxy = no
encrypt passwords = yes
idmap uid = 60000-70000
idmap gid = 80000-90000
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = no
username map = /opt/samba/lib/username.map
[space]
comment = Space Partition Share
path = /space
writable = yes
browsable = yes
*********************************************************************************************************
username.map:
*********************************************************************************************************
!grega = "EDSADDDM+imguser"
*********************************************************************************************************
If I map the share from my Windows XP client as EDSADDDM\imguser, it
doesn't do the mapping. I get the following messages in log.smbd:
*********************************************************************************************************
[2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would
close all old resources.
open_sockets_smbd: accept: Software caused connection abort
[2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would
close all old resources.
[2004/10/14 09:57:40, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [imguser] -> [imguser]
-> [EDSADDDM+imguser] succeeded
[2004/10/14 09:57:40, 1] smbd/service.c:make_connection_snum(648)
mule (199.42.192.45) connect to service space initially as user
EDSADDDM+imguser (uid=60001, gid=80000) (pid 25694)
*********************************************************************************************************
and if I create a new file it gets the following ownership/permission:
*********************************************************************************************************
# ls -l /space/tmp
total 0
-rwxr--r-- 1 nobody EDSADDDM+Domain Users 0 Oct 14 09:59 New
Text Document.txt
*********************************************************************************************************
However, if I change username.map to the following and restart Samba:
*********************************************************************************************************
!grega = "imguser"
*********************************************************************************************************
The username map does what I think it should... The permissions on the
created file are as follows:
*********************************************************************************************************
# ls -l /space/tmp
total 0
-rwxr--r-- 1 grega eng 0 Oct 14 10:01 New Text Document.txt
*********************************************************************************************************
So... it appears that the username map is not using the domain information.
Any ideas on this one??
Greg Adams
On Tue, 12 Oct 2004 20:51:35 -0700, Doug VanLeuven <roamdad at sonic.net> wrote:
>
>
> Greg Adams wrote:
>
> > winbind separator = +
> >
> > winbind use default domain = no
> >
> >[space]
> > comment = Space Partition Share
> > path = /space
> > writable = yes
> > browsable = yes
> > valid users = "EDSADDDM\imguser"
> >
> >
>
> Maybe it should be EDSADDDM+imguser ?
>
> >Any ideas?
> >
> >
> Hope that helps.
>
> Regards, Doug
>
>
More information about the samba
mailing list