[Samba] Retry: Mapping AD domain users to UNIX users

Michael St. Laurent mikes at hartwellcorp.com
Thu Jan 24 18:20:00 GMT 2008


Bless you Hans! I've been trying to figure this out for a while now.  I did not know that idmap_nss existed! 

> -----Original Message-----
> From: samba-bounces+mikes=hartwellcorp.com at lists.samba.org 
> [mailto:samba-bounces+mikes=hartwellcorp.com at lists.samba.org] 
> On Behalf Of Hansjörg Maurer
> Sent: Wednesday, January 23, 2008 5:20 AM
> To: Nigel.Pain at scotland.gsi.gov.uk
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Retry: Mapping AD domain users to UNIX users
> 
> Hi
> 
> With recent (<=3.0.26 I think) Samba versions it is possible to use
> 
> http://us3.samba.org/samba/docs/man/manpages-3/idmap_nss.8.html
> 
>         idmap domains =  DOMNAME
>         idmap config DOMNAME:backend  = nss
>         idmap config DOMNAME:readonly = yes
> 
> in our case.
> 
> We are running 3.0.28 in security = ADS,
> and Linux gets the same usernames from NIS via nss.
> 
> They are correctly mapped, and the Windows security dialog shows
> DOMNAME\username
> 
> Regards
> 
> Hansjörg
> 
> 
> 
> 
> Nigel.Pain at scotland.gsi.gov.uk wrote:
> > Further information:
> >  
> > Someone suggested that the problem might be because of the AD user names
> > being uppercase, which could be resolved with a usermap file. There are
> > some AD user IDs that are uppercase (whereas all the UNIX ones are
> > lowercase). However, I thought that the automatic mapping took care of
> > that? Also, I wanted to avoid having an explicit usermap file as that's
> > one extra thing to manage. Maybe I'm expecting too much of Samba?
> >  
> > I tried configuring for a usermap file and adding an account mapping
> > into it. However, the security properties on the Windows side still
> > display the account in the form:
> >  
> > u123456 (Unix User\u123456)
> >  
> > Regards,
> > Nigel
> >
> > ---------------------------------------- 
> > Nigel Pain 
> > The Scottish Government 
> > Corporate Systems Support 
> > Information Systems and Information Services (ISIS) 
> > Victoria Quay 
> > EDINBURGH 
> > EH6 6QQ 
> > UK 
> >
> >
> 
> -- 
> _________________________________________________________________
> 
> Deutsches Zentrum fuer Luft- und Raumfahrt e.V.
> in der Helmholtz-Gemeinschaft
> 
> Institut fuer Robotik und Mechatronik
> 
> Dr. Hansjörg Maurer
> 
> LAN- und Systemmanager
> 
> Münchner Strasse 20
> 82234 Wessling
> Germany 
> 
> Telefon: 08153/28-2431 
> Telefax: 08153/28-1134
> 
> E-Mail: Hansjoerg.Maurer at dlr.de
> Internet: http://www.robotic.dlr.de/
> 
> __________________________________________________________________
> 
> 
> There are 10 types of people in this world, 
> those who understand binary and those who don't.
> 
> 
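An added example, not part of the original thread: since the nss backend ties a domain account to the UNIX account of the same name, this Python sketch audits a list of AD account names against passwd(5)-format data before the backend is enabled. It reports exact matches, names that differ only in case (the situation Nigel describes), names with no UNIX account, and names that land on a low-UID system account. The account data and the `MIN_UID` threshold are constructed assumptions; how Samba itself treats a case difference is not decided by this script.

```python
# Added example: audit name-based AD -> UNIX mapping before enabling idmap_nss.
# All account data below is constructed sample input, not taken from the thread.

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
u123456:x:5001:500:Sample User:/home/u123456:/bin/bash
jsmith:x:5002:500:J Smith:/home/jsmith:/bin/bash
"""

AD_NAMES = ["U123456", "jsmith", "backup", "newhire"]  # constructed AD logon names

MIN_UID = 1000  # assumption: UIDs below this belong to local system accounts


def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format lines (e.g. `getent passwd` output)."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users


def audit(ad_names, users, min_uid=MIN_UID):
    """Classify each AD account name by how it lines up with a UNIX account name."""
    by_lower = {}
    for name in users:
        by_lower.setdefault(name.lower(), []).append(name)
    report = {}
    for ad in ad_names:
        # Prefer the exact name; otherwise consider case-insensitive candidates.
        matches = [ad] if ad in users else by_lower.get(ad.lower(), [])
        if not matches:
            report[ad] = "unmapped"              # no UNIX account of that name
        elif any(users[m] < min_uid for m in matches):
            report[ad] = "privileged-collision"  # would land on a system account
        elif ad in users:
            report[ad] = "exact"
        else:
            report[ad] = "case-mismatch"         # differs from the UNIX name only in case
    return report


if __name__ == "__main__":
    for name, status in audit(AD_NAMES, parse_passwd(PASSWD)).items():
        print(f"{name:10} {status}")
```

On a real host, feed `parse_passwd` the output of `getent passwd` so NIS entries are included, and review every `privileged-collision` line before pointing a domain at the nss backend.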

