[Samba] Re: ADS valid users can't map share
Igor Belyi
sambauser at katehok.ac93.org
Wed Oct 20 15:54:49 GMT 2004
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Greg Adams wrote:
> | I'm sorry, I still don't quite follow you.
> |
> | I have "security = ads", and, as far as I can tell,
> | a working kerberos installation, so that means I'm
> | using kerberos authentication, right?
>
> Correct.
>
> | From the messages above, that means samba should
> | be honoring the domain portion of entries in the
> | username map, which it is not doing. Or am I
> | using NTLM authentication for some weird reason?
>
> smbd should be honoring entries like
>
> jerry = AD\gcarter
>
> You can check a level 10 smbd debug log to verify that
> the krb5 SNPEGO login is working.
>
> I'll work on getting the NTLM/username map functionality fixed.
Jerry,
Are you saying that username will be sent differently depending on the
protocol Samba and ADS agree to? And that if it's Kerberos, the name
will be <Domain name>\<username> even if 'winbind separator = +' in
smb.conf?
Thanks,
Igor
More information about the samba
mailing list