[Samba] Mapping usernames

GARCIA CABALLERO Jordi Jordi.GARCIA at oami.europa.eu
Wed Sep 30 02:23:55 MDT 2009 

Hi Gary

Thanks for the quick answer.

The first solution works fine and it is right for me. But indeed, what I
want to set is group mappings instead of user mappings. In order to do
that I created a share with a determined unix group and I map a Windows
group to that unix group following the instructions given in the link
below. Then, I add my Windows user to the Windows group, but it does not
work. Is it simple as this? Do I need to use "force group"?

http://samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html

Thanks in advance,

IT Infrastructure & Operations Service // ITD - OHIM

Services Provided by

Jordi GARCIA - OPERATIONS Unix Admin

FUJITSU SERVICES
 
-----Original Message-----
From: Gary Dale [mailto:garydale at rogers.com] 
Sent: 29 September 2009 17:39
Cc: samba at lists.samba.org
Subject: Re: [Samba] Mapping usernames

I suspect that the problem is that Samba is looking up the Windows name 
and simply mapping to the first instance it finds.

A work-around would be to use the "force user" setting on the share. 
Allow garcijo access then force the user to be mpcadmin.

You may also want to consider your strategy for setting permissions. Why

bother with Unix accounts when Windows accounts can do what you want? 
Open up the share to a larger Unix group but set the Windows permissions

to just give access to the person you want.


GARCIA CABALLERO Jordi wrote:
> Dear all
>
>  
>
> I am trying to configure samba username map file in order to map the
> same user from a windows domain to 2 different unix users:
>
>  
>
> Map to = map from
>
>  
>
> bea = PRODUCTION\garcijo
>
> mpcadmin = PRODUCTION\garcijo
>
>  
>
> but only works for the first map in the map file. When I try to use a
> share with permissions for mpcadmin unix user, I realize that smbd
takes
> the first map (bea user) and then it makes the authentication with the
> user PRODUCTION\garcijo. Then it checks whether user bea has
permissions
> to the that share which it is not and it eventually fails. I try to
put
> exclamation mark at the beginning of the map but it does not work
> either.
>
>  
>
> I did not find any way to fix it. Any ideas? Any workaround?
>
>  
>
> Any help will be much appreciated.
>
>  
>
> Regards,
>
>  
>
> IT Infrastructure & Operations Service // ITD - OHIM
>
> Services Provided by
>
> Jordi GARCIA - OPERATIONS Unix Admin
>
> FUJITSU SERVICES
>
> E-mail:        Jordi.GARCIA at oami.europa.eu
>
> Phone:        Fixed #9777 - Mobile #5777
>
>  
>
>
************************************************************************
**********************
> IMPORTANT: This message is intended exclusively for information
purposes. It cannot be considered as an 
> official OHIM communication concerning procedures laid down in the
Community Trade Mark Regulations 
> and Designs Regulations. It is therefore not legally binding on the
OHIM for the purpose of those procedures.
> The information contained in this message and attachments is intended
solely for the attention and use of the 
> named addressee and may be confidential. If you are not the intended
recipient, you are reminded that the 
> information remains the property of the sender. You must not use,
disclose, distribute, copy, print or rely on this 
> e-mail. If you have received this message in error, please contact the
sender immediately and irrevocably 
> delete or destroy this message and any copies.
>
>
************************************************************************
**********************
>   
**********************************************************************************************
IMPORTANT: This message is intended exclusively for information purposes. It cannot be considered as an 
official OHIM communication concerning procedures laid down in the Community Trade Mark Regulations 
and Designs Regulations. It is therefore not legally binding on the OHIM for the purpose of those procedures.
The information contained in this message and attachments is intended solely for the attention and use of the 
named addressee and may be confidential. If you are not the intended recipient, you are reminded that the 
information remains the property of the sender. You must not use, disclose, distribute, copy, print or rely on this 
e-mail. If you have received this message in error, please contact the sender immediately and irrevocably 
delete or destroy this message and any copies.

**********************************************************************************************

More information about the samba mailing list