-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
(OK, my first message got mangled because of the attachments, so I'm reposting)
I've got a samba 3 box that's part of an AD domain. It works correctly for most users; but there was a problem where certain users couldn't connect. We'd get a log message that looks like this:
Username SAMPLE.COM\pcuser is invalid on this system
It turns out that the users who could not connect are those who have a different unix username then their AD username. Even though I have a username map file set up, samba didn't seem to be using it.
This bug appeared somewhere between 3.0.2a and 3.0.6. When we were on 3.0.2a, the username map worked.
I looked at the code, and found a problem in smbd/sesssetup.c: reply_spnego_kerberos() calls map_username() with "DOMAIN\username" but map_username() expects the username without the domain.
So, as a workaround, I could change my usermap file to include the domain with the usernames; e.g.,
unixuser = pcuser SAMPLE.COM\pcuser
but that's kind of clunky. So instead I created a patch for source/smbd/sesssetup.c, which I put here:
http://www.avalon.net/~hakehoe/diff1.txt
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin)
iD8DBQFBZrp64uXPAG0A1J4RAoNFAJwMH1iAArYJA6RIDIECNIIsgl6q+ACcCtcK c1R0Xg1ureKLzMobLB4P+sE= =ghP7 -----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba