[Samba] user mapping problem when seurity=ads

Gerald (Jerry) Carter jerry at samba.org
Tue Apr 26 13:58:56 GMT 2005


Alexey Toptygin wrote:
> 
> I have a setup that looks roughly like:
> 
> # cat smb.conf
> [global]
>         security = ads
>         workgroup = company
>         realm = internal.company.com
>         password server = 192.168.1.2
> 
>         netbios name = server
>         server string = Samba Server
>         name resolve order = wins bcast
> 
>         username map = /etc/samba/smbusers
>         map to guest = Bad User
>         invalid users = root
> 
> [share]
>         comment = Test Share
>         path = /home/sambashare
>         browseable = yes
>         writeable = yes
>         map archive = no
>         map system = no
>         map hidden = no
>         create mask = 0775
>         directory mask = 0775
>         guest ok = yes
> 
> # cat smbusers
> !alexey = alexey
> lab = *
> 
> #
> 
> ADS authentication works fine.
> 
> When I log in with a user not known to the AD server, they get mapped to
> guest, and get the permissions of the nobody account. This I like.
> 
> When I log in with a user known to the AD server but != alexey, they get
> mapped to lab and have the permissions of the lab account. This is good
> too.
> 
> However, when I log in as alexey (for example by doing `smbclient
> //server/share -WCOMPANY -Ualexey`), I still get mapped to lab and have
> the permissions of the lab user. ps shows the child smbd process running
> as user lab, new files are created as that user, etc.

Without winbind you will need to define the map entry as

	!alexy = internal.company.com\alexy

The current usernamep map semantics is described in the releases
notes for Samba 3.0.8 IIRC.





cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba/attachments/20050426/9a4c0eb0/signature.bin


More information about the samba mailing list