[Samba] user mapping problem when seurity=ads
Alexey Toptygin
alexeyt at freeshell.org
Mon Apr 25 21:10:24 GMT 2005
I have a setup that looks roughly like:
# cat smb.conf
[global]
security = ads
workgroup = company
realm = internal.company.com
password server = 192.168.1.2
netbios name = server
server string = Samba Server
name resolve order = wins bcast
username map = /etc/samba/smbusers
map to guest = Bad User
invalid users = root
[share]
comment = Test Share
path = /home/sambashare
browseable = yes
writeable = yes
map archive = no
map system = no
map hidden = no
create mask = 0775
directory mask = 0775
guest ok = yes
# cat smbusers
!alexey = alexey
lab = *
#
ADS authentication works fine.
When I log in with a user not known to the AD server, they get mapped to
guest, and get the permissions of the nobody account. This I like.
When I log in with a user known to the AD server but != alexey, they get
mapped to lab and have the permissions of the lab account. This is good
too.
However, when I log in as alexey (for example by doing `smbclient
//server/share -WCOMPANY -Ualexey`), I still get mapped to lab and have
the permissions of the lab user. ps shows the child smbd process running
as user lab, new files are created as that user, etc.
I think I'm doing something wrong womewhere, but I can't see what it is.
Can someone clue me in?
Alexey
More information about the samba
mailing list