[Samba] Re: ADS valid users can't map share
Igor Belyi
sambauser at katehok.ac93.org
Sat Oct 16 18:38:50 GMT 2004
Greg Adams wrote:
> Yeah, that solved the problem for valid users. Thanks.
>
> However, I now have a different problem. The same kind of logic should
> apply to the username map, right? But it doesn't seem to.
>
>
> smb.conf:
> *********************************************************************************************************
> [global]
>
> workgroup = EDSADDDM
> realm = EDSADDDM.DDM.APM.BPM.EDS.COM
>
> server string = Maul Test Server
>
> log level = 2
>
> max log size = 100
>
> security = ADS
>
> local master = no
>
> os level = 0
>
> domain master = no
>
> preferred master = no
>
> wins server = 199.42.192.103
> dns proxy = no
>
> encrypt passwords = yes
>
> idmap uid = 60000-70000
> idmap gid = 80000-90000
>
> winbind enum users = yes
> winbind enum groups = yes
>
> winbind separator = +
>
> winbind use default domain = no
>
> username map = /opt/samba/lib/username.map
>
> [space]
> comment = Space Partition Share
> path = /space
> writable = yes
> browsable = yes
> *********************************************************************************************************
>
> username.map:
>
> *********************************************************************************************************
> !grega = "EDSADDDM+imguser"
> *********************************************************************************************************
>
>
> If I map the share from my Windows XP client as EDSADDDM\imguser, it
> doesn't do the mapping. I get the following messages in log.smbd:
> *********************************************************************************************************
> [2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would
> close all old resources.
> open_sockets_smbd: accept: Software caused connection abort
> [2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would
> close all old resources.
> [2004/10/14 09:57:40, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [imguser] -> [imguser]
> -> [EDSADDDM+imguser] succeeded
> [2004/10/14 09:57:40, 1] smbd/service.c:make_connection_snum(648)
> mule (199.42.192.45) connect to service space initially as user
> EDSADDDM+imguser (uid=60001, gid=80000) (pid 25694)
> *********************************************************************************************************
>
> and if I create a new file it gets the following ownership/permission:
>
> *********************************************************************************************************
> # ls -l /space/tmp
> total 0
> -rwxr--r-- 1 nobody EDSADDDM+Domain Users 0 Oct 14 09:59 New Text Document.txt
> *********************************************************************************************************
>
> However, if I change username.map to the following and restart Samba:
>
> *********************************************************************************************************
> !grega = "imguser"
> *********************************************************************************************************
>
> The username map does what I think it should... The permissions on the
> created file are as follows:
>
> *********************************************************************************************************
> # ls -l /space/tmp
> total 0
> -rwxr--r-- 1 grega eng 0 Oct 14 10:01 New Text Document.txt
> *********************************************************************************************************
>
> So... it appears that the username map is not using the domain information.
I do believe it should... Could you provide 'log level = 10' from the
moment 'EDSADDDM+imguser' logs in until it creates a file? This
should be logs for the '!grega = "EDSADDDM+imguser"' line in the map file.
Thanks,
Igor
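
Added example (not part of the original messages and not Samba project code): a small Python parser for the `check_ntlm_password` and `make_connection_snum` records quoted above, reporting per login whether the username map changed the name and which uid the session ended up with. It assumes the three bracketed names are the client-supplied name, the name after the username map, and the resulting Unix account; the sample log reuses the thread's lines and adds one made-up record.

```python
import re

# Record header in log.smbd: "[date time, level] source.c:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\] \S+:(\w+)\(\d+\)$")
AUTH = re.compile(r"authentication for user \[(.*?)\] -> \[(.*?)\] -> \[(.*?)\] succeeded")
CONNECT = re.compile(r"connect to service (\S+) initially as user (.+?) \(uid=(\d+), gid=(\d+)\)")

# Constructed sample: the first two records are the thread's lines, the third is made up.
SAMPLE = """\
[2004/10/14 09:57:40, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [imguser] -> [imguser]
  -> [EDSADDDM+imguser] succeeded
[2004/10/14 09:57:40, 1] smbd/service.c:make_connection_snum(648)
  mule (199.42.192.45) connect to service space initially as user
  EDSADDDM+imguser (uid=60001, gid=80000) (pid 25694)
[2004/10/14 10:01:02, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [imguser] -> [grega] -> [grega] succeeded
"""

def records(text):
    """Yield (timestamp, function, message), re-joining wrapped message lines."""
    stamp, func, body = None, None, []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            if func:
                yield stamp, func, " ".join(body)
            stamp, func, body = m.group(1), m.group(2), []
        elif func and line.strip():
            body.append(line.strip())
    if func:
        yield stamp, func, " ".join(body)

def audit(text):
    """Return one dict per successful login, with the connect uid/gid when logged."""
    findings, last = [], None
    for stamp, _func, msg in records(text):
        a = AUTH.search(msg)
        if a:
            client, mapped, unix = a.groups()
            # Assumption: an unchanged second name means no map entry matched.
            last = {"time": stamp, "client": client, "mapped": mapped,
                    "unix": unix, "map_applied": client != mapped}
            findings.append(last)
            continue
        c = CONNECT.search(msg)
        if c and last and c.group(2) == last["unix"]:
            last.update(service=c.group(1), uid=int(c.group(3)), gid=int(c.group(4)))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```
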