[Samba] username maps and security=ads

Billinghurst, David (CALCRTS) david.billinghurst at comalco.riotinto.com.au
Mon Oct 17 07:16:16 GMT 2005

I have been having problems with username maps and security=ads.

I now have a solution (or at least a work around) that is working
for me.  I sort of stumbled across it, as I don't recall reading
any samba docs that mentions the need to have the realm name
in the smbuser file.  

Samba server is RHEL3 with samba-3.0.20 compiled from source 
authenticating against a windows ADS.

Here is the smb.conf file 
# Global parameters
        workgroup = GROUP
        realm = GROUP.COMPANY.ORG
        server string = Samba Server
        encrypt passwords = yes
        security = ads
        username map = /usr/local/samba-3.0.20/lib/smbusers
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        local master = No
        dns proxy = No
        os level = 0
        log level = 3
        comment = Home Directories
        read only = No

I found that the smb user map file had to look like 

# Unix_name = SMB_name1 SMB_name2 ...
unixuser = smbname GROUP.COMPANY.ORG\smbname

This e-mail and any attachments are private and confidential and may contain privileged information. If you are not an authorised recipient, the copying or distribution of this e-mail and any attachments is prohibited and you must not read, print or act in reliance on this e-mail or attachments.
This notice should not be removed.

More information about the samba mailing list