[Samba] login fails if smbusers is used to map domain admin to root.

Marc-andré Labonté marc-andre.labonte at mail.mcgill.ca
Wed Jul 9 17:02:07 GMT 2008


Hi,

    i am trying to map the domain administrator to root using the
smbusers file in order to be able to set file permissions from windows. 
Unfortunately, while the map itself seem to succeed, the logins fails. 
If i remove the relevant line in smbusers, login succeed but i lack
superuser privileges.

Here is log.smbd while trying to map administrator to root

[2008/07/09 12:50:42,  4] smbd/map_username.c:map_username(145)
  Scanning username map /usr/local/samba/etc/smbusers
[2008/07/09 12:50:42,  3] smbd/map_username.c:map_username(189)
  Mapped user DOMAIN\administrator to root
[2008/07/09 12:50:42,  4] lib/substitute.c:automount_server(500)
  Home server: thumper
[2008/07/09 12:50:42,  4] lib/substitute.c:automount_server(500)
  Home server: thumper
[2008/07/09 12:50:42,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42,  3] smbd/uid.c:push_conn_ctx(357)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/07/09 12:50:42,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/07/09 12:50:42,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42,  3] smbd/uid.c:push_conn_ctx(357)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/07/09 12:50:42,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/07/09 12:50:42,  1] auth/auth_util.c:create_token_from_username(922)
  sid_to_gid(S-1-22-513) failed
[2008/07/09 12:50:42,  3] smbd/error.c:error_packet_set(61)
  error packet at smbd/sesssetup.c(550) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2008/07/09 12:50:42,  3] smbd/process.c:smbd_process(2027)
  receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting

Here is my smbusers file:
root = DOMAIN\administrator

And my smb.conf file:

workgroup = DOMAIN
netbios name = thumper
use kerberos keytab = yes
security = ads
encrypt passwords = yes
realm = DOMAIN

username map = /usr/local/samba/etc/smbusers
allow trusted domains = no
idmap backend = rid:DOMAIN=50000-100000000
idmap uid = 50000-100000000
idmap gid = 50000-100000000

winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes


What worries me is the following line in log.smbd

sid_to_gid(S-1-22-513) failed

I think this is why login is failing but i have no clue where sid
S-1-22-513 is coming from

regards

Marc-andré




More information about the samba mailing list