[Samba] problem with user nobody and net groupmap

Adam Williams awilliam at mdah.state.ms.us
Mon Apr 14 03:41:10 GMT 2008


When I do net groupmap add rid=514 ntgroup="Domain Guests" 
unixgroup=nobody type=d and then try to connect to a share called share 
which only allows guest connections with the following permissions:

[global]
        guest account = nobody
        map to guest = bad user
        map to guest = bad password

[share]
        path = /samba/admin
        force directory mode = 777
        writeable = Yes
        create mode = 777
        force create mode = 777
        directory mode = 777
        force group = admin
        guest ok = Yes
        guest only = Yes

I get the error in the Samba log:

[2008/04/13 22:27:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2162)
  init_group_from_ldap: Entry found for group: 65534
[2008/04/13 22:27:26, 1] auth/auth_util.c:create_token_from_username(1110)
  nobody is a Domain Group, not a user

However, if I run net groupmap delete ntgroup="Domain Guests" then I can 
connect to the share fine.  Why is this?  Why can't Samba connect as the 
user nobody when the nobody group is mapped?  nobody is loaded into LDAP:

[root@roark samba]# ldapsearch -D 'cn=Manager,dc=mdah,dc=state,dc=ms,dc=us' -b "uid=nobody,ou=People,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxxxxxxxx -x
# extended LDIF
#
# LDAPv3
# base <uid=nobody,ou=People,dc=mdah,dc=state,dc=ms,dc=us> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# nobody, People, mdah.state.ms.us
dn: uid=nobody,ou=People,dc=mdah,dc=state,dc=ms,dc=us
uid: nobody
cn: Nobody
sn: Nobody
mail: nobody@mdah.state.ms.us
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: hostObject
userPassword:: xxxxxxxxxxxxxxxx
shadowLastChange: 13966
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
uidNumber: 65534
gidNumber: 65534
host: roark
host: archives3
host: arrowhead
host: preshs
host: wmounds
host: manship
host: welty
homeDirectory: /home
gecos: Nobody

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@roark samba]#

[root@roark samba]# ldapsearch -D 'cn=Manager,dc=mdah,dc=state,dc=ms,dc=us' -b "cn=nobody,ou=Group,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxxxxxx -x
# extended LDIF
#
# LDAPv3
# base <cn=nobody,ou=Group,dc=mdah,dc=state,dc=ms,dc=us> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# nobody, Group, mdah.state.ms.us
dn: cn=nobody,ou=Group,dc=mdah,dc=state,dc=ms,dc=us
objectClass: posixGroup
objectClass: top
cn: nobody
userPassword:: xxxxxxxxxxxxxx
gidNumber: 65534

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1




