[Samba] Retry: Mapping AD domain users to UNIX users

Hansjörg Maurer Hansjoerg.Maurer at dlr.de
Wed Jan 23 13:19:34 GMT 2008


With recent (<= 3.0.26 I think) Samba versions it is possible to use


        idmap domains =  DOMNAME
        idmap config DOMNAME:backend  = nss
        idmap config DOMNAME:readonly = yes

in our case.

We are running 3.0.28 in security = ADS,
and Linux gets the same usernames from NIS via nss.

They are correctly mapped, and the Windows security dialog shows



Nigel.Pain at scotland.gsi.gov.uk wrote:
> Further information:
> Someone suggested that the problem might be because of the AD user names
> being uppercase, which could be resolved with a usermap file. There are
> some AD user IDs that are uppercase (whereas all the UNIX ones are
> lowercase). However, I thought that the automatic mapping took care of
> that? Also, I wanted to avoid having an explicit usermap file as that's
> one extra thing to manage. Maybe I'm expecting too much of Samba?
> I tried configuring for a usermap file and adding an account mapping
> into it. However, the security properties on the Windows side still
> display the account in the form:
> u123456 (Unix User\u123456)
> Regards,
> Nigel
> ---------------------------------------- 
> Nigel Pain 
> The Scottish Government 
> Corporate Systems Support 
> Information Systems and Information Services (ISIS) 
> Victoria Quay 
> EH6 6QQ 
> UK 


Deutsches Zentrum fuer Luft- und Raumfahrt e.V.
in der Helmholtz-Gemeinschaft

Institut fuer Robotik und Mechatronik

Dr. Hansjörg Maurer

LAN- und Systemmanager

Münchner Strasse 20
82234 Wessling

Telefon: 08153/28-2431 
Telefax: 08153/28-1134

E-Mail: Hansjoerg.Maurer at dlr.de
Internet: http://www.robotic.dlr.de/


There are 10 types of people in this world, 
those who understand binary and those who don't.
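
Added example, not part of the original message or of Samba: with the nss idmap backend above, mapping depends on AD account names matching UNIX account names, so this audit compares the two lists and flags names that differ only in case, have no UNIX account, or match more than one UNIX account. The function name and sample data are constructed for illustration, and case folding is an assumption of this audit, not a statement about how Samba performs its lookup.

```python
from collections import defaultdict

# Constructed sample data, not taken from the thread.
# AD_NAMES: account names as exported from the directory.
# UNIX_PASSWD: name -> uid, as "getent passwd" would list them.
AD_NAMES = ["U123456", "u234567", "Svc_Backup", "JDOE", "ghost"]
UNIX_PASSWD = {"u123456": 5001, "u234567": 5002, "svc_backup": 5003,
               "jdoe": 5004, "JDoe": 5005}


def audit_name_mapping(ad_names, unix_passwd):
    """Classify each AD account name against the UNIX account names.

    exact      AD name -> uid, identical spelling on both sides
    case_only  AD name -> (UNIX name, uid), equal only after case folding
    missing    AD names with no UNIX account under any casing
    ambiguous  AD name -> UNIX names that differ from each other only in case
    """
    # UNIX names are case-sensitive, so several may share one folded form.
    by_fold = defaultdict(list)
    for unix_name in unix_passwd:
        by_fold[unix_name.casefold()].append(unix_name)

    report = {"exact": {}, "case_only": {}, "missing": [], "ambiguous": {}}
    for ad in ad_names:
        candidates = sorted(by_fold.get(ad.casefold(), []))
        if not candidates:
            report["missing"].append(ad)
        elif len(candidates) > 1:
            # Which UNIX identity is chosen would depend on lookup order:
            # resolve this by hand before trusting file ownership.
            report["ambiguous"][ad] = candidates
        elif candidates[0] == ad:
            report["exact"][ad] = unix_passwd[ad]
        else:
            unix_name = candidates[0]
            report["case_only"][ad] = (unix_name, unix_passwd[unix_name])
    return report


if __name__ == "__main__":
    for key, value in audit_name_mapping(AD_NAMES, UNIX_PASSWD).items():
        print(f"{key}: {value}")
```
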
