[Samba] AIX 52 and long (>8) character Windows usernames
Kent Wick
Kent.Wick at ers.state.tx.us
Tue Feb 14 16:41:09 GMT 2006
Env: AIX 5.2 ML07 with Samba 3.0.21b (compiled in-house) with config options of:
--with-pam --with-winbind --with-acl-support --with-aio-support
Can anybody shed any light on why users that have 8 characters or less
(Windows and AIX) and are defined in /etc/passwd can access the defined
Samba share while those users with a Windows username of 9 characters
or more (who have been defined in the "username map" file are always
presented with an authentication window?
Is there something that I have wrong that I am just not seeing?
This Samba server is functioning as a member server in an existing Windows NT domain.
smb.conf reads:
[global]
workgroup = ERSSECURITY
netbios name = SAMBASRVR
server string = Samba
security = DOMAIN
algorithmic rid base = 500000
username map = /usr/local/samba/lib/nt_dom_2_unix_user_map
ldap ssl = no
idmap uid = 10001-30000
idmap gid = 10001-30000
winbind separator = +
[denali_d]
path = /samba/denali_d
read only = No
# guest ok = Yes
The file noted in "username map" reads:
brad=ERSSECURITY/bstafford
mrutherf=ERSSECURITY/mrutherford
sambat2=ERSSECURITY/sambatest
sambat2=sambatest
/etc/pam.conf reads:
# Authentication
#
login auth required /usr/lib/security/pam_winbind.so
login auth required /usr/lib/security/pam_aix try_first_pass
# login auth required /usr/lib/security/pam_aix
# login auth required /usr/lib/security/pam_winbind.so try_first_pass
su auth sufficient /usr/lib/security/pam_aix
OTHER auth required /usr/lib/security/pam_aix
#
# Account Mgmt
#
# login account required /usr/lib/security/pam_aix
login account sufficient /usr/lib/security/pam_winbind.so try_first_pass
OTHER account required /usr/lib/security/pam_aix
#
# Session Mgmt
#
OTHER session required /usr/lib/security/pam_aix
#
# Password Mgmt
#
OTHER password required /usr/lib/security/pam_aix
More information about the samba
mailing list