[Samba] Differences with net join
Gerald (Jerry) Carter
jerry at samba.org
Fri Sep 30 21:03:51 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jeremy Allison wrote:
> On Fri, Sep 30, 2005 at 02:45:27PM -0600, Ric Tibbetts wrote:
>>Nope, no winbind. I saw those references in the log too, but thought
>>they were just standard checks.
>
> The problem is definately related to the mapping
> between the numeric Windows user and the unix user. What
> does your username map file look like ?
I can tell from the logs that he is not using the fully
qualified name.
Scanning username map /usr/local/samba/private/smbusers
user_in_list: checking user WIN\212442 in list
user_in_list: checking user |WIN\212442| against |administrator|
user_in_list: checking user |WIN\212442| against |admin|
user_in_list: checking user WIN\212442 in list
user_in_list: checking user |WIN\212442| against |guest|
user_in_list: checking user |WIN\212442| against |pcguest|
user_in_list: checking user |WIN\212442| against |smbguest|
user_in_list: checking user WIN\212442 in list
user_in_list: checking user |WIN\212442| against |214023|
user_in_list: checking user WIN\212442 in list
user_in_list: checking user |WIN\212442| against |203691|
> Just to test, can you ensure you have both the
>
> u<number>=<number>
> u<number>=<DOMAIN>\<number>
>
> entries in the username map for the user you're testing with.
>
> BTW: The reason you're having such trouble with this set up
> is that having a Windows domain consisting of numeric user id's
> is an unusual setup. Most people don't set things up this way.
No. I think that I need to update the man page
- From the 3.0.8 release notes:
======================
Change in Username Map
======================
Previous Samba releases would only support reading the fully qualified
username (e.g. DOMAIN\user) from the username map when performing a
kerberos login from a client. However, when looking up a map
entry for a user authenticated by NTLM[SSP], only the login name would be
used for matches. This resulted in inconsistent behavior sometimes
even on the same server.
Samba 3.0.8 obeys the following rules when applying the username
map functionality:
* When performing local authentication, the username map is
applied to the login name before attempting to authenticate
the connection.
* When relying upon a external domain controller for validating
authentication requests, smbd will apply the username map
to the fully qualified username (i.e. DOMAIN\user) only
after the user has been successfully authenticated.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDPag3IR7qMdg1EfYRAnH5AJ9r3ZH8DxT4SILRCJpzOh8wQspOjwCg0vYa
xrHb23jb0vTXiKT5o/FpOxA=
=ABfE
-----END PGP SIGNATURE-----
More information about the samba
mailing list