[Samba] newbie : mapping problem between linux and samba users
stephane durieux
durieux42 at yahoo.fr
Fri Feb 3 16:06:42 GMT 2006
Hello,
I have a mapping problem between Linux and Samba users.
Logged in as a domain user steph under Windows, I try to update the
password but a message like
"you don't have the right to do that operation" appears.
Logged in as root I can do it.
When I dismiss the synchronisation between Linux and Windows users,
it works !!
I have also noticed that I can only make mappings between predefined
Windows
with "net groupmap set" and not "net groupmap add sid= unixgroup= ",
which started to fail each time.
(don't know if it's normal behaviour)
So I thought it was due to a problem in my tdb database file and I
ran a check tool, which gave no problem.
So I put my mappings here:
------------------------------------------------
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3113648812-2111614216-3829755549-512) -> root
Domain Guests (S-1-5-21-3113648812-2111614216-3829755549-514) -> -1
Power Users (S-1-5-32-547) -> users
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-3113648812-2111614216-3829755549-513) -> users
The logs I have obtained (noticing there is a problem with a shared
secret between the Windows host and the server, but which secret? a
secret for trusted domain ?????? no relation with my problem !!!) :
[[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info_map(224)
make_user_info_map: Mapping user [GII]\[steph] from workstation [ESSAI]
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/02/03 15:53:35, 5] auth/auth_util.c:is_trusted_domain(1560)
is_trusted_domain: Checking for domain trust with [GII]
[2006/02/03 15:53:35, 5]
passdb/secrets.c:secrets_fetch_trusted_domain_password(333)
secrets_fetch failed!
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 10] lib/gencache.c:gencache_get(285)
Cache entry with key = TDOM/GII couldn't be found
[2006/02/03 15:53:35, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
no entry for trusted domain GII found.
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(132)
attempting to make a user_info for steph (steph)
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(142)
making strings for steph's user_info struct
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(184)
making blobs for steph's user_info struct
[2006/02/03 15:53:35, 10] auth/auth_util.c:make_user_info(200)
made an encrypted user_info for steph (steph)
[2006/02/03 15:53:35, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[GII]\[steph]@[ESSAI] with the new password interface
[2006/02/03 15:53:35, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [GII]\[steph]@[ESSAI]
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(231)
check_ntlm_password: auth_context challenge created by NTLMSSP
callback (NTLM2)
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(233)
challenge is:
[2006/02/03 15:53:35, 5] lib/util.c:dump_data(1995)
[000] 25 C6 28 63 8E 66 60 20 %.(c.f`
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: guest had nothing to say
[2006/02/03 15:53:35, 8] lib/util.c:is_myname(1815)
is_myname("GII") returns 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Here is my smb.conf:
---------------------------------
[global]
netbios name = samba-1
workgroup = GII
server string = %h server
wins support = yes
dns proxy = no
log file = /var/log/samba/log.%m
syslog=0
log level = 200
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
unix password sync = yes
passwd chat = "*Enter\snew\sUNIX\spassword:*" %n\n "*Retype\snew\sUNIX\spassword:*" %n\n "*"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
local master = yes
os level = 65
domain logons = yes
time server = yes
admin users = root
logon path = \\%L\profiles\%U
logon drive = W:
logon home = \\%L\%U\.win_profile
logon script = home.bat
add user script = /usr/sbin/useradd -d /home/%u -g users -s /bin/bash -m %u
delete user script = /usr/sbin/userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
[ netlogon ]
path = /var/lib/samba/netlogon
writable = yes
browsable = yes
[ profiles ]
path = /home/samba-profiles
browsable = no
writable = yes
create mask = 0600
directory mask = 0700
[ homes ]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
[ partage ]
path = /partage
comment = Partage commun a tous les utilisateurs
browsable = yes
writable = yes
create mask = 0777
directory mask = 0777
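
Added example, not part of the original post and not Samba's own code: a small parser for a group mapping listing in the "Name (SID) -> unixgroup" layout shown above, which flags entries with no Unix group and entries tied to a privileged one, and reports which domain SIDs appear. The function names, the sample text and the choice of "root" and "wheel" as privileged groups are assumptions, as is reading "-1" as "no Unix group attached".

```python
import re

# Constructed sample in the "Name (SID) -> unixgroup" layout of the listing above.
SAMPLE = """\
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-3113648812-2111614216-3829755549-512) -> root
Domain Users (S-1-5-21-3113648812-2111614216-3829755549-513) -> users
Users (S-1-5-32-545) -> -1
"""

LINE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>.+)$")
BUILTIN_PREFIX = "S-1-5-32"          # well-known BUILTIN domain SID
PRIVILEGED_UNIX = {"root", "wheel"}  # assumption: groups treated as privileged here

def parse_groupmap(text):
    """Return one dict per mapping line; lines in another layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        prefix, rid = m["sid"].rsplit("-", 1)   # split the SID into domain part and RID
        unix = m["unix"].strip()
        entries.append({
            "name": m["name"],
            "domain": prefix,
            "rid": int(rid),
            "builtin": prefix == BUILTIN_PREFIX,
            "unix": None if unix == "-1" else unix,  # assumption: "-1" = no Unix group
        })
    return entries

def audit(entries):
    """Flag entries with no Unix group and entries tied to a privileged one."""
    findings = []
    for e in entries:
        if e["unix"] is None:
            findings.append((e["name"], "no unix group"))
        elif e["unix"] in PRIVILEGED_UNIX:
            findings.append((e["name"], "privileged unix group: " + e["unix"]))
    return findings

def domain_prefixes(entries):
    """Distinct non-BUILTIN domain SIDs; more than one means mixed domain SIDs."""
    return {e["domain"] for e in entries if not e["builtin"]}

if __name__ == "__main__":
    for name, issue in audit(parse_groupmap(SAMPLE)):
        print(f"{name}: {issue}")
```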