[Samba] Re: ADS valid users can't map share

Igor Belyi sambauser at katehok.ac93.org
Wed Oct 20 15:54:49 GMT 2004

Gerald (Jerry) Carter wrote:

> Hash: SHA1
> Greg Adams wrote:
> | I'm sorry, I still don't quite follow you.
> |
> | I have "security = ads", and, as far as I can tell,
> | a working kerberos installation, so that means I'm
> | using kerberos authentication, right?
> Correct.
> | From the messages above, that means samba should
> | be honoring the domain portion of entries in the
> | username map, which it is not doing. Or am I
> | using NTLM authentication for some weird reason?
> smbd should be honoring entries like
>     jerry = AD\gcarter
> You can check a level 10 smbd debug log to verify that
> the krb5 SNPEGO login is working.
> I'll work on getting the NTLM/username map functionality fixed.


Are you saying that username will be sent differently depending on the 
protocol Samba and ADS agree to? And that if it's Kerberos, the name 
will be <Domain name>\<username> even if 'winbind separator = +' in 


More information about the samba mailing list