[Samba] user mapping problem when seurity=ads
Gerald (Jerry) Carter
jerry at samba.org
Tue Apr 26 13:58:56 GMT 2005
Alexey Toptygin wrote:
>
> I have a setup that looks roughly like:
>
> # cat smb.conf
> [global]
> security = ads
> workgroup = company
> realm = internal.company.com
> password server = 192.168.1.2
>
> netbios name = server
> server string = Samba Server
> name resolve order = wins bcast
>
> username map = /etc/samba/smbusers
> map to guest = Bad User
> invalid users = root
>
> [share]
> comment = Test Share
> path = /home/sambashare
> browseable = yes
> writeable = yes
> map archive = no
> map system = no
> map hidden = no
> create mask = 0775
> directory mask = 0775
> guest ok = yes
>
> # cat smbusers
> !alexey = alexey
> lab = *
>
> #
>
> ADS authentication works fine.
>
> When I log in with a user not known to the AD server, they get mapped to
> guest, and get the permissions of the nobody account. This I like.
>
> When I log in with a user known to the AD server but != alexey, they get
> mapped to lab and have the permissions of the lab account. This is good
> too.
>
> However, when I log in as alexey (for example by doing `smbclient
> //server/share -WCOMPANY -Ualexey`), I still get mapped to lab and have
> the permissions of the lab user. ps shows the child smbd process running
> as user lab, new files are created as that user, etc.
Without winbind you will need to define the map entry as
!alexy = internal.company.com\alexy
The current usernamep map semantics is described in the releases
notes for Samba 3.0.8 IIRC.
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba/attachments/20050426/9a4c0eb0/signature.bin
More information about the samba
mailing list