[Samba] Variable substitution or wildcards in "username map"

pepe pepe at embl.de
Wed May 4 10:20:28 GMT 2005

Is it possible to use wildcards or variable substitution in the 
"username map"?  I am using:

security = ADS
password server = TEST1.MYDOMAIN

The samba server joined the subdomain TEST1.MYDOMAIN. There is a trusted 
relationship between MYDOMAIN and TEST1.MYDOMAIN. I want ONLY users from 
TEST1.MYDOMAIN to have access to the samba shares, users from MYDOMAIN 
must be rejected.

The problem I have now is:

- a username MYDOMAIN\user1 mapping a share gets authenticated by 
MYDOMAIN due to the trusted relationship and then mapped to unix user1.

- a username TEST1\user1 mapping a share gets authenticated by TEST1 and 
then mapped to unix user1.

so I have 2 different windows users mapped to the same unix user. I can 
solve the problem by mapping just the valid users in "username map" this 

!user1 = TEST1\user1
nobody = *

I have more than 1000 users and serveral samba servers... so keeping all 
"username map" in sync can be a pain. Could I use wildcards in the 
"username map"? If so, what is the syntax? I tried the following but 
does not work...

nobody = MYDOMAIN\*

Can I use variable substitution? I would like to do something like this:

%U = TEST1\%U
nobody = MYDOMAIN\%U

Francisco Lozano - EMBL (Heidelberg)

More information about the samba mailing list