I have a setup that looks roughly like:
# cat smb.conf
[global]
security = ads
workgroup = company
realm = internal.company.com
password server = 192.168.1.2 netbios name = server
server string = Samba Server
name resolve order = wins bcast username map = /etc/samba/smbusers
map to guest = Bad User
invalid users = root[share]
comment = Test Share
path = /home/sambashare
browseable = yes
writeable = yes
map archive = no
map system = no
map hidden = no
create mask = 0775
directory mask = 0775
guest ok = yes# cat smbusers !alexey = alexey lab = *
#
ADS authentication works fine.
When I log in with a user not known to the AD server, they get mapped to guest, and get the permissions of the nobody account. This I like.
When I log in with a user known to the AD server but != alexey, they get mapped to lab and have the permissions of the lab account. This is good too.
However, when I log in as alexey (for example by doing `smbclient //server/share -WCOMPANY -Ualexey`), I still get mapped to lab and have the permissions of the lab user. ps shows the child smbd process running as user lab, new files are created as that user, etc.
I think I'm doing something wrong womewhere, but I can't see what it is. Can someone clue me in?
Alexey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
