Re: [Samba] user mapping problem when seurity=ads
Alexey Toptygin wrote: I have a setup that looks roughly like: # cat smb.conf [global] security = ads workgroup = company realm = internal.company.com password server = 192.168.1.2 netbios name = server server string = Samba Server name resolve order = wins bcast username map = /etc/samba/smbusers map to guest = Bad User invalid users = root [share] comment = Test Share path = /home/sambashare browseable = yes writeable = yes map archive = no map system = no map hidden = no create mask = 0775 directory mask = 0775 guest ok = yes # cat smbusers !alexey = alexey lab = * # ADS authentication works fine. When I log in with a user not known to the AD server, they get mapped to guest, and get the permissions of the nobody account. This I like. When I log in with a user known to the AD server but != alexey, they get mapped to lab and have the permissions of the lab account. This is good too. However, when I log in as alexey (for example by doing `smbclient //server/share -WCOMPANY -Ualexey`), I still get mapped to lab and have the permissions of the lab user. ps shows the child smbd process running as user lab, new files are created as that user, etc. Without winbind you will need to define the map entry as !alexy = internal.company.com\alexy The current usernamep map semantics is described in the releases notes for Samba 3.0.8 IIRC. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] user mapping problem when seurity=ads
On Tue, 26 Apr 2005, Gerald (Jerry) Carter wrote: Without winbind you will need to define the map entry as !alexy = internal.company.com\alexy The current usernamep map semantics is described in the releases notes for Samba 3.0.8 IIRC. Thanks, that worked. I needed to put both the short and long form of the domain name to cover all cases, so now it looks like this: !alexey = alexey company\alexey internal.company.com\alexey Alexey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] user mapping problem when seurity=ads
I have a setup that looks roughly like: # cat smb.conf [global] security = ads workgroup = company realm = internal.company.com password server = 192.168.1.2 netbios name = server server string = Samba Server name resolve order = wins bcast username map = /etc/samba/smbusers map to guest = Bad User invalid users = root [share] comment = Test Share path = /home/sambashare browseable = yes writeable = yes map archive = no map system = no map hidden = no create mask = 0775 directory mask = 0775 guest ok = yes # cat smbusers !alexey = alexey lab = * # ADS authentication works fine. When I log in with a user not known to the AD server, they get mapped to guest, and get the permissions of the nobody account. This I like. When I log in with a user known to the AD server but != alexey, they get mapped to lab and have the permissions of the lab account. This is good too. However, when I log in as alexey (for example by doing `smbclient //server/share -WCOMPANY -Ualexey`), I still get mapped to lab and have the permissions of the lab user. ps shows the child smbd process running as user lab, new files are created as that user, etc. I think I'm doing something wrong womewhere, but I can't see what it is. Can someone clue me in? Alexey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba