[Samba] User Authentication and Username Map

Richard Nelson unixabg at gmail.com
Sat Nov 22 17:26:48 GMT 2008 

On Sat, Nov 22, 2008 at 4:34 AM, Alec Joseph Rivera <eijhei at gmail.com> wrote:
> Hi to all..
>
> I've setup a Samba domain and now having a hard time setting up Unix to
> Windows user mapping. As an example on the server, user is 'agi', and at the
> workstation I want an 'Alec Joseph' as the user name. If I log on from a
> Linux desktop using the alias connection goes through:
>
> # sudo tail -f /usr/local/samba/var/log.smbd | grep 'Alec Joseph'
>
>  Got user=[Alec Joseph] domain=[RIVERA-HOME] workstation=[THREEPIO] len1=24
> len2=24
>  Mapped user Alec Joseph to agi
>  check_ntlm_password:  Checking password for unmapped user
> [RIVERA-HOME]\[Alec Joseph]@[THREEPIO] with the new password interface
>  check_ntlm_password: sam authentication for user [Alec Joseph] succeeded
>  check_ntlm_password:  authentication for user [Alec Joseph] -> [agi] ->
> [agi] succeeded
>  register_existing_vuid: User name: agi        Real name: Alec Joseph
> Rivera,,,
>
> However, on a Windows workstation, I can not log on and getting these on the
> log:
>
>  SAM Logon (Interactive). Domain:[RIVERA-HOME].  User:[Alec Joseph at HAN]
> Requested Domain:[RIVERA-HOME]
>  check_ntlm_password:  Checking password for unmapped user
> [RIVERA-HOME]\[Alec Joseph]@[HAN] with the new password interface
>  check_ntlm_password:  mapped user is: [RIVERA-HOME]\[Alec Joseph]@[HAN]
>  check_sam_security: Couldn't find user 'Alec Joseph' in passdb.
>  check_ntlm_password:  Authentication for user [Alec Joseph] -> [Alec Joseph]
> FAILED with error NT_STATUS_NO_SUCH_USER
>
> From what I understand, the Windows workstation is forcing a lookup on the
> tdbsamdb backend right? On the manuals I've read that the mapping is done
> after the authentication...
>
> How can I get the same behavior as from a Linux workstation? Also I can see on
> the logs a "Error permission denied" on the username map file, is this in a
> way related?
>
> Thanks...
>
> Ohayou gozaimas,
> Agi

Greetings,

Might be nice to see your smb.conf file, less anything that might be a
security issue.

More information about the samba mailing list