[Samba] Administrator->root mapping not working on 3.0.10 (3.0.7
samba at precedence.co.uk
Thu Jan 6 15:34:37 GMT 2005
On Thu, 6 Jan 2005, Gerald (Jerry) Carter wrote:
> Stephen Borrill wrote:
> | We are using samba 3 on NetBSD with security=domain
> | authenticating against Windows 2003. We have a username map
> | of "root = administrator". In all previous versions of
> | samba tested (2.2.x and 3.0.x), this means when we log on
> | as administrator, we have root access and see the root
> | share. With 3.0.10, we are continually prompted for a
> | password.
> ~From the 3.0.8 release notes (WHATSNEW.txt):
> Change in Username Map
> - ----------------------
> Previous Samba releases would only support reading the fully qualified
> username (e.g. DOMAIN\user) from the username map when performing a
> kerberos login from a client. However, when looking up a map
> entry for a user authenticated by NTLM[SSP], only the login name would be
> used for matches. This resulted in inconsistent behavior sometimes
> even on the same server.
> Samba 3.0.8 obeys the following rules when applying the username
> map functionality:
> ~ * When performing local authentication, the username map is
> ~ applied to the login name before attempting to authenticate
> ~ the connection.
> ~ * When relying upon a external domain controller for validating
> ~ authentication requests, smbd will apply the username map
> ~ to the fully qualified username (i.e. DOMAIN\user) only
> ~ after the user has been successfully authenticated.
I'd followed that discussion, but I guess I hadn't quite followed the
ramifcations! A username map of "root=DOMAIN\Administrator" works fine.
Thanks a lot,
More information about the samba