[Samba] Users mapping in security tab
tizo
tizone at gmail.com
Fri Aug 20 10:57:28 MDT 2010
Hi there,
I have a Samba installation acting as a Domain Member with a disk share (the
partiton is mounted with acl and user_xattr options). I am not using
winbind, because I want the domain users to be mapped to Unix users.
Everything works right, excepting the users in the Windows Explorer security
tab. I will try to explain the situation with an example.
I have username map, that maps Administrator and domainuser into root and
unixuser respectively. I also have another user that do not need the
mapping, as the username is the same in both systems. The three users can
login correctly to the share, and when a user creates a file, the owner of
the new file is the mapped user corresponding to the logged user.
The problem arise in the Windows Explorer security tab of a file. The users
seen there, are the Unix users and not the domain ones; for example, I can
see something like "unixuser (Unix User\unixuser)" or for groups "unixgroup
(Unix Group\unixgroup)". I can modify the permissions of an entry here (and
the modifications can be seen in the Posix ACLs in the file), but I cannot
add another user. For example, in a file that I do not have the unixuser
entry, I click the Add button, search for domainuser (of course, unixuser
cannot be obtained from here), add him, set some permissions, and when I
click "Apply" the new entry dissapears. In that moment, the Samba log says
something like (and the symptoms are the same for the users in the map, and
for the user that have the same username on both systems):
smbd/posix_acls.c:create_canon_ace_lists(1510)
create_canon_ace_lists: unable to map SID
X-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX to uid or gid.
So, I guess that Samba is not using the same mechanism for the login, than
for administering ACLs. Maybe that is not possible; I simply do not know
because I am relatively new to Samba. Can someone explain how Samba should
work with the security tab?. Shouldn't it map users in both directions so
from Windows only domain users can be seen?
My smb.conf:
[global]
workgroup = DUMMY
netbios name = PRUEBA-ARCHIVOS
server string = %h (Samba %v)
security = DOMAIN
username map = /etc/samba/mapeousuarios
log level = 2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = wins host bcast
wins server = 192.168.X.X, 192.168.X.X
panic action = /usr/share/samba/panic-action %d
[datos-usu]
path = /exports/datos
read only = No
map acl inherit = Yes
store dos attributes = Yes
Thanks very much,
tizo
More information about the samba
mailing list