[Samba] samba3->ADS / user name format problem

Ronny Forberger ronny.forberger at elegosoft.com
Sun Aug 19 22:04:43 GMT 2007


Hi there,

I am posting because I am stuck finding a solution for authenticating samba
against Microsoft(tm) Active Directory Service (ADS).

My scenario is:

My operating system (FreeBSD) gets the usernames which own the files I
want to share using samba-3 via the nss_ldap authentication module from
the ADS (LDAP).

So now I tried to get samba to query ADS as well, resolving ADS users and
making them able to log on to samba with their ADS account.

But the only way I found is using winbindd with the old NT-style
authentication behavior, so that the user names samba gets have the
format DOMAIN\user (where the separator can be customized in smb.conf).

The problem now is:

User names in FreeBSD queried via nss_ldap have the form: user

User names in samba queried via winbindd have the form: DOMAIN\user

This is a conflict when samba does file operations on files that are
owned by user, not DOMAIN\user.

The clues I have are just:

1) Waiting for samba-4?

2) Using user name mapping in smb.conf, mapping DOMAIN\user style to
user style.

3) Any way of querying ADS via smbldap_tools? They don't support the MS
Services Unix attribute mappings, do they?

Does anyone have any usable solutions for these user name conflicts?

It won't be possible to authenticate FreeBSD user names via winbindd to
get DOMAIN\user style though.

- Ronny

-- 
Ronny Forberger
System Administration & IT Support

elego Software Solutions GmbH
Gustav-Meyer-Allee 25
Gebäude 12, Raum 227
D-13355 Berlin

Tel. +49 30 23 45 86 96      ronny.forberger at elegosoft.com
Fax  +49 30 23 45 86 95      http://www.elegosoft.com

Managing Director: Olaf Wagner, registered office: Berlin
District Court Berlin-Charlottenburg, HRB 77719, VAT ID: DE163214194


