[Samba] Administrator->root mapping not working on 3.0.10 (3.0.7 fine)

Stephen Borrill samba at precedence.co.uk
Thu Jan 6 15:34:37 GMT 2005


On Thu, 6 Jan 2005, Gerald (Jerry) Carter wrote:
> Stephen Borrill wrote:
> | We are using samba 3 on NetBSD with security=domain
> | authenticating against Windows 2003. We have a username map
> | of "root = administrator". In all previous versions of
> | samba tested (2.2.x and 3.0.x), this means when we log on
> | as administrator, we have root access and see the root
> | share. With 3.0.10, we are continually prompted for a
> | password.
> 
> ~From the 3.0.8 release notes (WHATSNEW.txt):
[snip]
> Change in Username Map
> - ----------------------
> 
> Previous Samba releases would only support reading the fully qualified
> username (e.g. DOMAIN\user) from the username map when performing a
> kerberos login from a client.  However, when looking up a map
> entry for a user authenticated by NTLM[SSP], only the login name would be
> used for matches.  This resulted in inconsistent behavior sometimes
> even on the same server.
> 
> Samba 3.0.8 obeys the following rules when applying the username
> map functionality:
> 
> ~  * When performing local authentication, the username map is
> ~    applied to the login name before attempting to authenticate
> ~    the connection.
> ~  * When relying upon a external domain controller for validating
> ~    authentication requests, smbd will apply the username map
> ~    to the fully qualified username (i.e. DOMAIN\user) only
> ~    after the user has been successfully authenticated.

I'd followed that discussion, but I guess I hadn't quite followed the
ramifcations! A username map of "root=DOMAIN\Administrator" works fine.

Thanks a lot,

-- 
Stephen



More information about the samba mailing list