[Samba] 3.0.20 usermap script execution

Montenegro, Michael H (Michael) mhm4 at lucent.com
Fri Dec 23 23:27:11 GMT 2005

I have created a mapusers.bash script (listed below) for mapping Active Directory handles to unix logins.  This script is currently working as documented.  I would like some insight into how and when this script gets called.  I assumed that upon establishing each samba connection, after the active directory handle gets authenticated with the domain controller it passes the domain\handle to this script to determine the unix login to use.  However, it seems to execute this script multiple times to establish a connection.  I have tested this out by clearing the cache using nbtstat -R on the client and running smbstatus -u username and killing the procids then reconnecting.  Samba consistently will pass just the active directory handle without the domain first which succeeds because my script will find the correct unix login to map to without the domain.  Immediately after, Samba will pass the script the domain\handle which will also succeed. Why is this? Throughout the life of the connection it will continue to intermittently pass the active directory handle without the domain.

Samba version 3.0.20
Configuration: ./configure --prefix=/opt/samba-3.0.20 --with-smbwrapper --with-nis --with-quotas --with-syslog --with-included-popt
OS: Solaris 8


#!/bin/bash
# $1 is the client-supplied name (handle or domain\handle); keep it quoted everywhere
if [ -n "$1" ]
then
        echo "$1" >> /tmp/mhm4in #line needed for debugging

        #cut off the na0x\ part of input (input without a backslash passes through unchanged)
        na0xlogin=`echo "$1" | cut -d '\' -f2`

        #search for a different unix login (handle anchored at the end of the users.map line)
        unixlogin=`ypcat users.map | grep "$na0xlogin\$" | cut -d ' ' -f1`

        if [[ $? = 0 && $unixlogin != "" ]]
        then
                #if unixlogin is in the users.map then return it
                echo "$unixlogin"
                echo "$unixlogin" >> /tmp/mhm4out #debugging only
        else
                #find unixlogin in NIS passwd map then return it
                unixlogin=`ypcat passwd | cut -d ':' -f1 | grep "^$na0xlogin\$"`
                echo "$unixlogin"
                echo "$unixlogin" >> /tmp/mhm4out #debugging only
        fi

        # below if statement for debugging only
        if [[ $unixlogin = "" ]]
        then
                #report to /tmp/mhm4error for any requests with no unix login
                echo "$na0xlogin" >> /tmp/mhm4error #debugging only
        fi
else
        echo "You must enter a name to search."
        exit 1
fi

smb.conf global section*********************
   debug level = 3
   security = domain
   encrypt passwords = yes
   password server = *
   netbios name = server1
   netbios aliases = server1 server1a
   username map script = /opt/samba/lib/mapusers.bash
   server string = %h (Samba %v)
   workgroup = domain1
   wins proxy = no
   dns proxy = no
   wins support = no
   wins server = w.x.y.z
   guest account = nobody
   lock directory = /opt/samba/var/locks
   browseable = no
   create mask = 775
   directory mask = 775
   delete readonly = yes
   name resolve order = wins lmhosts host bcast
   case sensitive = no
   preserve case = yes
   short preserve case = yes
   domain master = no
   local master = no
   preferred master = no
   os level = 0
   remote announce = w.x.y.255
   log file = /opt/samba/var/%I.log
   max log size = 1000
   auto services = Unison 
   locking = yes
   strict locking = no
   dead time = 15
   load printers = no
   printing = sysv
   lpq cache time = 0
   map archive = no
   read only = no
   bind interfaces only = yes
   interfaces = a.b.c.d
   socket options = SO_KEEPALIVE
   smb ports = 139
