[Samba] 3.0.20 usermap script execution
Montenegro, Michael H (Michael)
mhm4 at lucent.com
Fri Dec 23 23:27:11 GMT 2005
I have created a mapusers.bash script (listed below) for mapping Active Directory handles to unix logins. This script is currently working as documented. I would like some insight into how and when this script gets called. I assumed that upon establishing each samba connection, after the active directory handle gets authenticated with the domain controller it passes the domain\handle to this script to determine the unix login to use. However, it seems to execute this script multiple times to establish a connection. I have tested this out by clearing the cache using nbtstat -R on the client and running smbstatus -u username and killing the procids then reconnecting. Samba consistently will pass just the active directory handle without the domain first which succeeds because my script will find the correct unix login to map to without the domain. Immediately after, Samba will pass the script the domain\handle which will also succeed. Why is this? Throughout the life of the connection it will continue to intermittently pass the active directory handle without the domain.
Samba version 3.0.20
Configuration: ./configure --prefix=/opt/samba-3.0.20 --with-smbwrapper --with-nis --with-quotas --with-syslog --with-included-popt
OS: Solaris 8
#!/bin/bash
# $1 is the name Samba hands to the script (domain\handle or bare handle)
if [ -n "$1" ]
then
    echo "$1" >> /tmp/mhm4in #line needed for debugging
    #cut off the na0x\ part of input
    na0xlogin=`echo "$1" | cut -d '\' -f2`
    #search for a different unix login
    #(inside backticks \$ is passed through as $, so the variable is expanded)
    unixlogin=`ypcat users.map | grep "\$na0xlogin$" | cut -d ' ' -f1`
    if [[ $? = 0 && $unixlogin != "" ]]
    then
        #if unixlogin is in the users.map then return it
        echo "$unixlogin"
        echo "$unixlogin" >> /tmp/mhm4out #debugging only
    else
        #find unixlogin in NIS passwd map then return it
        unixlogin=`ypcat passwd | cut -d ':' -f1 | grep "^$na0xlogin$"`
        echo "$unixlogin"
        echo "$unixlogin" >> /tmp/mhm4out #debugging only
    fi
    # below if statement for debugging only
    if [[ $unixlogin = "" ]]
    then
        #report to /tmp/mhm4error for any requests with no unix login
        echo "$na0xlogin" >> /tmp/mhm4error #debugging only
    fi
else
    echo "You must enter a name to search."
    exit 1
fi
smb.conf global section*********************
[global]
debug level = 3
security = domain
encrypt passwords = yes
password server = *
netbios name = server1
netbios aliases = server1 server1a
username map script = /opt/samba/lib/mapusers.bash
server string = %h (Samba %v)
workgroup = domain1
wins proxy = no
dns proxy = no
wins support = no
wins server = w.x.y.z
guest account = nobody
lock directory = /opt/samba/var/locks
browseable = no
create mask = 775
directory mask = 775
delete readonly = yes
name resolve order = wins lmhosts host bcast
case sensitive = no
preserve case = yes
short preserve case = yes
domain master = no
local master = no
preferred master = no
os level = 0
remote announce = w.x.y.255
log file = /opt/samba/var/%I.log
max log size = 1000
auto services = Unison
locking = yes
strict locking = no
dead time = 15
load printers = no
printing = sysv
lpq cache time = 0
map archive = no
read only = no
bind interfaces only = yes
interfaces = a.b.c.d
socket options = SO_KEEPALIVE
smb ports = 139
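
Added example, not part of the original post and not Samba's own code: the script above hands the client-supplied name to grep as a pattern, so a "." in it matches any character and the users.map search is not anchored at the start of the handle. The version below does the same two lookups with an allowlist and exact string comparison; map_user, the sample data and the two-column "unixlogin adhandle" map format are assumptions.

```shell
#!/bin/bash
# Added example, not the poster's script: exact-match username mapping.
# Assumed map format (from the cut/grep in the post): "unixlogin adhandle".

# Constructed sample data standing in for `ypcat users.map` and `ypcat passwd`.
SAMPLE_MAP='jdoe john.doe
asmith asmith2'
SAMPLE_PASSWD='root:x:0:1:Super-User:/:/sbin/sh
mhm4:x:1001:10::/home/mhm4:/bin/bash'

# map_user NAME MAPDATA PASSWDDATA
# Prints the unix login and returns 0, or returns 1 when nothing matches.
map_user() {
    local name="$1" map="$2" passwd="$3" login
    # Strip an optional DOMAIN\ prefix; the post shows Samba passing both forms.
    name=${name##*\\}
    # Allowlist: reject empty names and anything outside [A-Za-z0-9._-].
    case $name in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # Compare whole fields as strings (the "" forces string comparison in awk),
    # so "." is never a wildcard and a partial name cannot match a longer one.
    login=$(printf '%s\n' "$map" |
        awk -v n="$name" '($2 "") == (n "") { print $1; exit }')
    if [ -z "$login" ]; then
        login=$(printf '%s\n' "$passwd" |
            awk -F: -v n="$name" '($1 "") == (n "") { print $1; exit }')
    fi
    [ -n "$login" ] || return 1
    printf '%s\n' "$login"
}

# When called with a name (as Samba would), look it up in the live NIS maps.
if [ -n "${1:-}" ]; then
    map_user "$1" "$(ypcat users.map)" "$(ypcat passwd)"
fi
```

A name that fails the allowlist or matches nothing produces no output and a non-zero exit status.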