[Samba] Re: ADS valid users can't map share
Melfi.Marcello at hydro.qc.ca
Melfi.Marcello at hydro.qc.ca
Tue Oct 19 17:21:59 GMT 2004
Hi Jerry,
Yes, I do use the username map file with Samba 3.0.2a and the DOMAIN
security mode.
The Samba share is accessed by many workstations exporting data files (via a
background application) to it on a regular basis. There is no need to log on
the Samba box therefore all workstations are using the same Windows account
and this account is associated to a Unix one via the username map file.
I am trying to do the same with Samba 3.0.7 and the ADS security mode.
Note: Although it is up to the Samba team to determine the specifications of
the product, I do hope that the backward compatibility is kept as much as
possible.
Regards,
Marcello
-----Message d'origine-----
De : Gerald (Jerry) Carter [mailto:jerry at samba.org]
Envoyé : mardi 19 octobre 2004 09:22
À : Igor Belyi
Cc : samba at lists.samba.org
Objet : Re: [Samba] Re: ADS valid users can't map share
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Igor Belyi wrote:
| Greg Adams wrote:
|
|> Yeah, that solved the problem for valid users. Thanks.
|>
|> However, I now have a different problem. The same kind
|> of logic should apply to the username map, right? But it doesn't seem
|> to.
....
|> username.map:
|>
|> !grega = "EDSADDDM+imguser"
...
|> So... it appears that the username map is not using the domain
|> information.
|
|
| I do believe it should... Could you provide 'log level = 10' from the
| moment 'EDSADDDM+imguser' logs in and till it creates a file? This
| should be logs for the '!grega = "EDSADDDM+imguser"' line in the map
| file.
I just checked on this and it looks like when you are a
domain member server, the username map honors the domain portion of the
username (on the LHS) when you authenticate using kerberos but not when
using NTLM.
Anyone besides me consider that a bug ? However, changing behavior is
always risky. Are there a lot of people utilizing a username map with with
a domain member server ?
cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBdRUBIR7qMdg1EfYRAmkbAJ45YyG3OJgum55k22PuUyS6AClg4ACffl8J
PMkqLuDV4SGT1LQ4zByohK0=
=Lfl2
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list