[Samba] Differences with net join

Ric Tibbetts rtibbetts at lanl.gov
Fri Sep 30 20:45:27 GMT 2005


At 02:36 PM 9/30/2005, Jeremy Allison wrote:
>On Fri, Sep 30, 2005 at 01:24:30PM -0600, Ric Tibbetts wrote:
> > At 01:13 PM 9/30/2005, you wrote:
> > >On Fri, Sep 30, 2005 at 12:38:28PM -0600, Ric Tibbetts wrote:
> > >>
> > >> So the user does exist. But for some strange reason (which I still
> > >> don't understand), it doesn't report that to Samba at login time.
> > >>
> > >> >I'm CC:ing to the list so people can see the resolution of this issue.
> > >>
> > >> Sorry to say, that it's not resolved yet. I think we've found the
> > >> symptom, but not the cause.
> > >> If the user exists, why doesn't samba see it?
> > >>
> > >> All of the assistance on this is greatly appreciated!
> > >
> > >Oops, sorry - I deleted the email with the logs. You'll have to
> > >send me another copy and I'll look further...
> > >
> > >Jeremy.
> >
> >
> > No problem. Fresh logs attached.
> > Again, the assist is greatly appreciated!
>
>Ok - it looks like you're trying to use winbindd on this box. If you
>already have a unix uid that you've mapped the numeric windows user
>to you don't need to use winbindd. Can you confirm if you are running
>winbindd or now ? If you are, kill it and retry.
>
>This is related to Jerry's code here in auth/auth_util.c so I might ask
>him to look at the log:
>
>         /* try to fill the SAM account..  If getpwnam() fails, then try the
>            add user script (2.2.x behavior).
>
>            We use the _unmapped_ username here in an attempt to provide
>            consistent username mapping behavior between kerberos 
> and NTLM[SSP]
>            authentication in domain mode security.  I.E. Username 
> mapping should
>            be applied to the fully qualified username (e.g. DOMAIN\user) and
>            no just the login name.  Yes this mean swe called map_username()
>            unnecessarily in make_user_info_map() but that is how the current
>            code is designed.  Making the change here is the least disruptive
>            place.    -- jerry */
>
>         nt_status = fill_sam_account(mem_ctx, nt_domain, sent_nt_username,
>                 &found_username, &uid, &gid, &sam_account);
>
>         if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
>                 DEBUG(3,("User %s does not exist, trying to add 
> it\n", internal_username));
>                 smb_create_user( nt_domain, sent_nt_username, NULL);
>                 nt_status = fill_sam_account( mem_ctx, nt_domain, 
> sent_nt_username,
>                         &found_username, &uid, &gid, &sam_account );
>         }
>
>Jeremy.
>--

Nope, no winbind. I saw those references in the log too, but thought 
they were just standard checks.






More information about the samba mailing list