[Samba] user mapping problem when seurity=ads

Alexey Toptygin alexeyt at freeshell.org
Mon Apr 25 21:10:24 GMT 2005

I have a setup that looks roughly like:

# cat smb.conf
         security = ads
         workgroup = company
         realm = internal.company.com
         password server =

         netbios name = server
         server string = Samba Server
         name resolve order = wins bcast

         username map = /etc/samba/smbusers
         map to guest = Bad User
         invalid users = root

         comment = Test Share
         path = /home/sambashare
         browseable = yes
         writeable = yes
         map archive = no
         map system = no
         map hidden = no
         create mask = 0775
         directory mask = 0775
         guest ok = yes

# cat smbusers
!alexey = alexey
lab = *


ADS authentication works fine.

When I log in with a user not known to the AD server, they get mapped to 
guest, and get the permissions of the nobody account. This I like.

When I log in with a user known to the AD server but != alexey, they get 
mapped to lab and have the permissions of the lab account. This is good 

However, when I log in as alexey (for example by doing `smbclient 
//server/share -WCOMPANY -Ualexey`), I still get mapped to lab and have 
the permissions of the lab user. ps shows the child smbd process running 
as user lab, new files are created as that user, etc.

I think I'm doing something wrong womewhere, but I can't see what it is. 
Can someone clue me in?


More information about the samba mailing list