[Samba] Re: ADS valid users can't map share

Greg Adams gadams at gmail.com
Tue Oct 19 14:33:27 GMT 2004


How do you choose to authenticate using kerberos instead of NTLM? Is
that when you map as "userid@DOMAIN.X.Y.Z" instead of "DOMAIN\userid"?

Is there another way for me to do user mapping than using the username
map? I've seen some OpenLDAP method of doing it, but since my goal is
to map a handful of ADS domain groups to individual unix id's, I
figured it was easier to just use username map instead of setting up
an LDAP schema.

Greg Adams


On Tue, 19 Oct 2004 08:22:10 -0500, Gerald (Jerry) Carter
<jerry at samba.org> wrote:
> Igor Belyi wrote:
> | Greg Adams wrote:
> |
> |> Yeah, that solved the problem for valid users. Thanks.
> |>
> |> However, I now have a different problem. The same kind
> |> of logic should apply to the username map, right? But it
> |> doesn't seem to.
> ....
> |> username.map:
> |>
> |> !grega = "EDSADDDM+imguser"
> ...
> |> So... it appears that the username map is not using the domain
> |> information.
> |
> |
> | I do believe it should... Could you provide 'log level = 10'
> | from the  moment 'EDSADDDM+imguser' logs in and till it creates
> | a file? This  should be logs for the '!grega = "EDSADDDM+imguser"'
> | line in the map file.
> 
> I just checked on this and it looks like when you are a
> domain member server, the username map honors the domain
> portion of the username (on the LHS) when you authenticate
> using kerberos but not when using NTLM.
> 
> Anyone besides me consider that a bug ?  However, changing
> behavior is always risky.  Are there a lot of people utilizing
> a username map with a domain member server ?
> 
> cheers, jerry
> - ---------------------------------------------------------------------
> Alleviating the pain of Windows(tm)      ------- http://www.samba.org
> GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
> "If we're adding to the noise, turn off this song"--Switchfoot (2003)
>
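
The effect described in the quoted reply, as an added example that is not part of the original thread and is not Samba's code: a simplified model of the smb.conf username map syntax (comment lines, the `!` stop marker, quoted names, `*`), run against the one map line quoted above. The function names are hypothetical, and the assumption that a Kerberos login is looked up as `EDSADDDM+imguser` while an NTLM login is looked up as bare `imguser` is taken from the reply, not from the Samba source.

```python
import re

# Constructed map file; the single entry is the one quoted in the thread.
SAMPLE_MAP = '''\
# unix_name = client_name ...
!grega = "EDSADDDM+imguser"
'''

def parse_username_map(text):
    """Return [(unix_name, [client_names], stop_on_match), ...]."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        stop = line.startswith("!")          # '!' = stop after a match here
        if stop:
            line = line[1:]
        unix_name, sep, rhs = line.partition("=")
        if not sep:
            continue                         # malformed line, skipped
        # Names are whitespace separated; double quotes protect spaces.
        names = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', rhs)]
        entries.append((unix_name.strip(), names, stop))
    return entries

def map_username(entries, presented):
    """Apply the map line by line to the name handed to the lookup."""
    current = presented
    for unix_name, names, stop in entries:
        if any(n == "*" or n.lower() == current.lower() for n in names):
            current = unix_name
            if stop:
                break
    return current

def audit(entries, domain, user, sep="+"):
    """Result for the same account looked up qualified and bare."""
    return {
        "qualified": map_username(entries, f"{domain}{sep}{user}"),
        "bare": map_username(entries, user),
    }

if __name__ == "__main__":
    print(audit(parse_username_map(SAMPLE_MAP), "EDSADDDM", "imguser"))
```

When the two results differ, the same account lands on a different unix id depending on which form reaches the lookup, so file ownership and `valid users` checks should be tested with both.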

