[Samba] Differences with net join

Ric Tibbetts rtibbetts at lanl.gov
Fri Sep 30 21:48:16 GMT 2005 

EUREKA ! ! ! ! !

That was it! I needed to map the DOMAIN\username, and that solved it!

Thank you very, very much!!!
My whole week-end just got better!


-Ric


At 03:03 PM 9/30/2005, Gerald (Jerry) Carter wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Jeremy Allison wrote:
> > On Fri, Sep 30, 2005 at 02:45:27PM -0600, Ric Tibbetts wrote:
> >>Nope, no winbind. I saw those references in the log too, but thought
> >>they were just standard checks.
> >
> > The problem is definately related to the mapping
> > between the numeric Windows user and the unix user. What
> > does your username map file look like ?
>
>I can tell from the logs that he is not using the fully
>qualified name.
>
>  Scanning username map /usr/local/samba/private/smbusers
>   user_in_list: checking user WIN\212442 in list
>   user_in_list: checking user |WIN\212442| against |administrator|
>   user_in_list: checking user |WIN\212442| against |admin|
>   user_in_list: checking user WIN\212442 in list
>   user_in_list: checking user |WIN\212442| against |guest|
>   user_in_list: checking user |WIN\212442| against |pcguest|
>   user_in_list: checking user |WIN\212442| against |smbguest|
>   user_in_list: checking user WIN\212442 in list
>   user_in_list: checking user |WIN\212442| against |214023|
>   user_in_list: checking user WIN\212442 in list
>   user_in_list: checking user |WIN\212442| against |203691|
>
> > Just to test, can you ensure you have both the
> >
> > u<number>=<number>
> > u<number>=<DOMAIN>\<number>
> >
> > entries in the username map for the user you're testing with.
> >
> > BTW: The reason you're having such trouble with this set up
> > is that having a Windows domain consisting of numeric user id's
> > is an unusual setup. Most people don't set things up this way.
>
>No.  I think that I need to update the man page
>
>- From the 3.0.8 release notes:
>
>======================
>Change in Username Map
>======================
>
>Previous Samba releases would only support reading the fully qualified
>username (e.g. DOMAIN\user) from the username map when performing a
>kerberos login from a client.  However, when looking up a map
>entry for a user authenticated by NTLM[SSP], only the login name would be
>used for matches.  This resulted in inconsistent behavior sometimes
>even on the same server.
>
>Samba 3.0.8 obeys the following rules when applying the username
>map functionality:
>
>   * When performing local authentication, the username map is
>     applied to the login name before attempting to authenticate
>     the connection.
>   * When relying upon a external domain controller for validating
>     authentication requests, smbd will apply the username map
>     to the fully qualified username (i.e. DOMAIN\user) only
>     after the user has been successfully authenticated.
>
>
>
>
>
>
>
>cheers, jerry
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.0 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFDPag3IR7qMdg1EfYRAnH5AJ9r3ZH8DxT4SILRCJpzOh8wQspOjwCg0vYa
>xrHb23jb0vTXiKT5o/FpOxA=
>=ABfE
>-----END PGP SIGNATURE-----

More information about the samba mailing list