[Samba] NT/UNIX username mapping possible directly via tdbsam?

Dominik Schuppli dom at rave.ch
Tue Nov 29 12:08:32 GMT 2005

"Gerald (Jerry) Carter" <jerry at samba.org> said:
> | The problem with 'username map' files is that the
> | mappings seem to work only in one direction, namely
> | from NT towards UNIX usernames. However, I'd like
> | to achieve a true, bi-directional one-to-one
> | mapping, e.g. between UNIX username 'root' and NT
> | username 'Administrator'.
> What would you expect by "going in the reverse direction"?
> Can you give me an example?

Certainly. Assume again that I want to map UNIX username 'root' to
Windows username 'Administrator' (and vice versa). Let's say I have a
file on a UNIX machine owned by 'root'. When I then look at this file's
security properties on a Windows machine (via Samba share) I will see a
entry for 'DOMAIN\root'. I would prefer to see 'DOMAIN\Administrator'.

The reason for this is that I am migrating an NT4 domain to Samba. Some
users have quite long NT usernames, and I want to keep the corresponding
UNIX account names short (max. 8 characters). However, it would be nice
if this username change would be completely transparent (ie. not
noticeable on Windows domain member clients).

Understand that getting this to work is not essential, however it would
make the server migration even more perfect and potentially avoid
confusion with some users.

> | The command 'pdbedit -Lv <username>' shows separate fields
> | for both UNIX and NT usernames.
> I think the nt user name is essentially unused.

Ah. That'd explain why 'pdbedit' doesn't have an option to manipulate
this entry. :-)

-- Dominik

http://www.fastmail.fm - Access all of your messages and folders
                          wherever you are

More information about the samba mailing list