Alexey Toptygin wrote: > > I have a setup that looks roughly like: > > # cat smb.conf > [global] > security = ads > workgroup = company > realm = internal.company.com > password server = 192.168.1.2 > > netbios name = server > server string = Samba Server > name resolve order = wins bcast > > username map = /etc/samba/smbusers > map to guest = Bad User > invalid users = root > > [share] > comment = Test Share > path = /home/sambashare > browseable = yes > writeable = yes > map archive = no > map system = no > map hidden = no > create mask = 0775 > directory mask = 0775 > guest ok = yes > > # cat smbusers > !alexey = alexey > lab = * > > # > > ADS authentication works fine. > > When I log in with a user not known to the AD server, they get mapped to > guest, and get the permissions of the nobody account. This I like. > > When I log in with a user known to the AD server but != alexey, they get > mapped to lab and have the permissions of the lab account. This is good > too. > > However, when I log in as alexey (for example by doing `smbclient > //server/share -WCOMPANY -Ualexey`), I still get mapped to lab and have > the permissions of the lab user. ps shows the child smbd process running > as user lab, new files are created as that user, etc.
Without winbind you will need to define the map entry as !alexy = internal.company.com\alexy The current usernamep map semantics is described in the releases notes for Samba 3.0.8 IIRC. cheers, jerry ===================================================================== Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca
signature.asc
Description: OpenPGP digital signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba