[Samba] Re: ADS valid users can't map share

Greg Adams gadams at gmail.com
Wed Oct 20 15:32:41 GMT 2004

I'm sorry, I still don't quite follow you.

I have "security = ads", and, as far as I can tell, a working kerberos
installation, so that means I'm using kerberos authentication, right?
>From the messages above, that means samba should be honoring the
domain portion of entries in the username map, which it is not doing.
Or am I using NTLM authentication for some weird reason?


On Wed, 20 Oct 2004 10:12:10 -0500, Gerald (Jerry) Carter
<jerry at samba.org> wrote:
> Hash: SHA1
> Greg Adams wrote:
> | How do you choose to authenticate using kerberos instead
> | of NTLM? Is that when you map as "userid at DOMAIN.X.Y.Z"
> | instead of "DOMAIN\userid"?
> It depends on whether you are using 'security = ads' and
> have a working kerberos installation or if you are using
> 'security = domain'.
> | Is there another way for me to do user mapping than
> | using the username map? I've seen some OpenLDAP method
> | of doing it, but since my goal is to map a handful of
> | ADS domain groups to individual unix id's, I
> | figured it was easier to just use username map instead
> | of setting up an LDAP schema.
> You are talking about group mapping.  This does not
> require LDAP, but can be stored in and LDAP directory.
> cheers, jerry
> - ---------------------------------------------------------------------
> Alleviating the pain of Windows(tm)      ------- http://www.samba.org
> GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
> "If we're adding to the noise, turn off this song"--Switchfoot (2003)
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> bUYflDdIf8LOjflh3JWcYV8=
> =3HkH

More information about the samba mailing list