[Samba] Administrator->root mapping not working on 3.0.10 (3.0.7 fine)

Gerald (Jerry) Carter jerry at samba.org
Thu Jan 6 15:08:26 GMT 2005

Hash: SHA1

Stephen Borrill wrote:
| We are using samba 3 on NetBSD with security=domain
| authenticating against Windows 2003. We have a username map
| of "root = administrator". In all previous versions of
| samba tested (2.2.x and 3.0.x), this means when we log on
| as administrator, we have root access and see the root
| share. With 3.0.10, we are continually prompted for a
| password.

~From the 3.0.8 release notes (WHATSNEW.txt):

Change in Winbindd Behavior
- ---------------------------

All usernames returned by winbindd are now converted to lower
case for better consistency.  This means any winbind installation
relying on the winbind username will need to rename existing
directories and/or files based on the username (%u and %U) to lower
case (e.g. mv $name `echo $name | tr '[A-Z]' '[a-z]'`).  This may
include mail spool files, home directories, valid user lines in
smb.conf, etc....

Change in Username Map
- ----------------------

Previous Samba releases would only support reading the fully qualified
username (e.g. DOMAIN\user) from the username map when performing a
kerberos login from a client.  However, when looking up a map
entry for a user authenticated by NTLM[SSP], only the login name would be
used for matches.  This resulted in inconsistent behavior sometimes
even on the same server.

Samba 3.0.8 obeys the following rules when applying the username
map functionality:

~  * When performing local authentication, the username map is
~    applied to the login name before attempting to authenticate
~    the connection.
~  * When relying upon a external domain controller for validating
~    authentication requests, smbd will apply the username map
~    to the fully qualified username (i.e. DOMAIN\user) only
~    after the user has been successfully authenticated.

cheer,s jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list