I have a setup that looks roughly like:
# cat smb.conf [global] security = ads workgroup = company realm = internal.company.com password server = 192.168.1.2
netbios name = server server string = Samba Server name resolve order = wins bcast
username map = /etc/samba/smbusers map to guest = Bad User invalid users = root
[share] comment = Test Share path = /home/sambashare browseable = yes writeable = yes map archive = no map system = no map hidden = no create mask = 0775 directory mask = 0775 guest ok = yes
# cat smbusers !alexey = alexey lab = *
#
ADS authentication works fine.
When I log in with a user not known to the AD server, they get mapped to guest, and get the permissions of the nobody account. This I like.
When I log in with a user known to the AD server but != alexey, they get mapped to lab and have the permissions of the lab account. This is good too.
However, when I log in as alexey (for example by doing `smbclient //server/share -WCOMPANY -Ualexey`), I still get mapped to lab and have the permissions of the lab user. ps shows the child smbd process running as user lab, new files are created as that user, etc.
I think I'm doing something wrong womewhere, but I can't see what it is. Can someone clue me in?
Alexey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba