[Samba] Differences with net join

Gerald (Jerry) Carter jerry at samba.org
Fri Sep 30 21:03:51 GMT 2005



Jeremy Allison wrote:
> On Fri, Sep 30, 2005 at 02:45:27PM -0600, Ric Tibbetts wrote:
>>Nope, no winbind. I saw those references in the log too, but thought 
>>they were just standard checks.
> 
> The problem is definitely related to the mapping 
> between the numeric Windows user and the unix user. What
> does your username map file look like?

I can tell from the logs that he is not using the fully
qualified name.

 Scanning username map /usr/local/samba/private/smbusers
  user_in_list: checking user WIN\212442 in list
  user_in_list: checking user |WIN\212442| against |administrator|
  user_in_list: checking user |WIN\212442| against |admin|
  user_in_list: checking user WIN\212442 in list
  user_in_list: checking user |WIN\212442| against |guest|
  user_in_list: checking user |WIN\212442| against |pcguest|
  user_in_list: checking user |WIN\212442| against |smbguest|
  user_in_list: checking user WIN\212442 in list
  user_in_list: checking user |WIN\212442| against |214023|
  user_in_list: checking user WIN\212442 in list
  user_in_list: checking user |WIN\212442| against |203691|

> Just to test, can you ensure you have both the
> 
> u<number>=<number>
> u<number>=<DOMAIN>\<number>
> 
> entries in the username map for the user you're testing with.
> 
> BTW: The reason you're having such trouble with this set up
> is that having a Windows domain consisting of numeric user id's
> is an unusual setup. Most people don't set things up this way.

No.  I think that I need to update the man page

From the 3.0.8 release notes:

======================
Change in Username Map
======================

Previous Samba releases would only support reading the fully qualified
username (e.g. DOMAIN\user) from the username map when performing a
kerberos login from a client.  However, when looking up a map
entry for a user authenticated by NTLM[SSP], only the login name would be
used for matches.  This resulted in inconsistent behavior sometimes
even on the same server.

Samba 3.0.8 obeys the following rules when applying the username
map functionality:

  * When performing local authentication, the username map is
    applied to the login name before attempting to authenticate
    the connection.
  * When relying upon an external domain controller for validating
    authentication requests, smbd will apply the username map
    to the fully qualified username (i.e. DOMAIN\user) only
    after the user has been successfully authenticated.







cheers, jerry
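Added example, not part of the original message and not Samba's own code: a simplified Python model of the username map lookup that shows why a name looked up as `WIN\212442` finds no match in a map holding only unqualified names, and how the two entries suggested in the thread change the result. The map contents are constructed from the names visible in the log, and the matching rules (case-insensitive comparison, `*` wildcard, `!` to stop on a match) are an assumed simplification of smb.conf(5).

```python
# Simplified model of smbd's username map lookup (assumption, not Samba source).
# Not handled: @group entries and quoted names containing spaces.

# Constructed sample map, modelled on the names visible in the log above.
OLD_MAP = r"""# unix name = windows names
root = administrator admin
nobody = guest pcguest smbguest
u214023 = 214023
u203691 = 203691
"""
# Both forms of entry suggested in the thread, for the user being tested.
FIXED_MAP = OLD_MAP + r"""u212442 = 212442
u212442 = WIN\212442
"""

def parse_username_map(text):
    """Return [(unix_name, [windows_names], stop_on_match)] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        stop = line.startswith("!")          # '!' ends processing on a match
        unix, sep, names = line.lstrip("!").partition("=")
        if sep and unix.strip() and names.split():
            rules.append((unix.strip(), names.split(), stop))
    return rules

def map_user(rules, name):
    """Apply every line in order; return the name unchanged if nothing matches."""
    for unix, names, stop in rules:
        if any(n == "*" or n.lower() == name.lower() for n in names):
            name = unix
            if stop:
                break
    return name

def unqualified_names(rules):
    """Windows names with no DOMAIN\\ prefix: these cannot match a name that
    smbd looks up in fully qualified form after domain authentication."""
    return [n for _, names, _ in rules for n in names
            if n != "*" and "\\" not in n]

if __name__ == "__main__":
    for label, text in (("old", OLD_MAP), ("fixed", FIXED_MAP)):
        rules = parse_username_map(text)
        print(label, "->", map_user(rules, r"WIN\212442"), unqualified_names(rules))
```
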

