[Samba] 3.0.25 breaks "username map"?

Jason Haar Jason.Haar at trimble.co.nz
Mon May 21 01:21:46 GMT 2007

Hi there

I was using "username map" under 3.0.24 so that when I connected from
DOM\jhaar under (ADS Win2K3) Windows, it was mapped to my local "jhaar"
Unix account - with homedir "/home/jhaar", etc.

However, when I upgraded to 3.0.25, I started getting
NT_STATUS_LOGON_FAILURE errors - even when just trying to list the
shares. This occurred using smbclient as well as Windows clients.

Ends up it was that "username map" wasn't working correctly. It appears
to be that when DOM\jhaar connects, it generates the following error:

[2007/05/21 13:18:11, 10] passdb/lookup_sid.c:lookup_name(64)
  lookup_name: Unix User\jhaar => Unix User (domain), jhaar (name)
[2007/05/21 13:18:11, 10] lib/util_pw.c:getpwnam_alloc(76)
  Got jhaar from pwnam_cache
[2007/05/21 13:18:11, 5] passdb/lookup_sid.c:sid_to_uid(1401)
  winbind failed to find a uid for sid S-1-22-1-500
[2007/05/21 13:18:11, 1] auth/auth_util.c:create_token_from_username(1110)
  sid_to_uid for jhaar (S-1-22-1-500) failed
[2007/05/21 13:18:11, 10]
  create_local_token failed
[2007/05/21 13:18:11, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)

The Unix account "jhaar" indeed has a UID of 500.

If I remove the account from the "username map" file, then the problem
disappears - although of course I can no longer connect to my homedir as
the UIDs of "jhaar" cf. "DOM\jhaar" are different :-/

I have tried this with a couple of other domain accounts (I created Unix
versions of the usernames) and the same thing occurs. If they are not in
the "username map" file, they work - otherwise they don't. Has the
format of "username map" changed? I currently have "jhaar=DOM\jhaar" and
that worked under 3.0.24 and previous.

I have rolled back to 3.0.24 and the problem disappears - so it's
something in 3.0.25 fer shure...


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the samba mailing list