Re: [Samba] NT/UNIX username mapping possible directly via tdbsam?
"Gerald (Jerry) Carter" <[EMAIL PROTECTED]> said: > | The problem with 'username map' files is that the > | mappings seem to work only in one direction, namely > | from NT towards UNIX usernames. However, I'd like > | to achieve a true, bi-directional one-to-one > | mapping, e.g. between UNIX username 'root' and NT > | username 'Administrator'. > > What would you expect by "going in the reverse direction"? > Can you give me an example? Certainly. Assume again that I want to map UNIX username 'root' to Windows username 'Administrator' (and vice versa). Let's say I have a file on a UNIX machine owned by 'root'. When I then look at this file's security properties on a Windows machine (via Samba share) I will see a entry for 'DOMAIN\root'. I would prefer to see 'DOMAIN\Administrator'. The reason for this is that I am migrating an NT4 domain to Samba. Some users have quite long NT usernames, and I want to keep the corresponding UNIX account names short (max. 8 characters). However, it would be nice if this username change would be completely transparent (ie. not noticeable on Windows domain member clients). Understand that getting this to work is not essential, however it would make the server migration even more perfect and potentially avoid confusion with some users. > | The command 'pdbedit -Lv ' shows separate fields > | for both UNIX and NT usernames. > > I think the nt user name is essentially unused. Ah. That'd explain why 'pdbedit' doesn't have an option to manipulate this entry. :-) -- Dominik -- http://www.fastmail.fm - Access all of your messages and folders wherever you are -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT/UNIX username mapping possible directly via tdbsam?
"Craig White" <[EMAIL PROTECTED]> said: > Install 'Services for Unix' on your Windows system so they can have the > benefit of mapping Unix users to Windows users...at least that's what it > seems that you are trying to do. Hi Craig, At a first glance at SFU, it seems like it only maps usernames for NFS file sharing (but I might well be wrong). Also, I was hoping that the Samba server could do the name mapping itself, instead of leaving it to all the clients connecting to it. Anyway, thanks for the pointer, I will definitely have a closer look. -- Dominik -- http://www.fastmail.fm - Same, same, but differentÂ… -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT/UNIX username mapping possible directly via tdbsam?
On Mon, 2005-11-28 at 09:46 +0100, Dominik Schuppli wrote: > Hello everyone, > > I've been wondering if NT and UNIX username mapping can be done directly > via the SAM database instead of the 'username map = ' option > in smb.conf. > > The problem with 'username map' files is that the mappings seem to work > only in one direction, namely from NT towards UNIX usernames. However, > I'd like to achieve a true, bi-directional one-to-one mapping, e.g. > between UNIX username 'root' and NT username 'Administrator'. > > The command 'pdbedit -Lv ' shows separate fields for both UNIX > and NT usernames. (I'm using the tdbsam backend, btw.) Will Samba > operate correctly if those entries contain different usernames? > > I've enhanced 'pdbedit' on my system so that it allows manipulation of > the 'NT username' field. Is this smart or stupid? I haven't yet had the > opportunity to try this in a working Samba environment. Maybe someone > has technical advice or knowledge on what I'm trying to do? Install 'Services for Unix' on your Windows system so they can have the benefit of mapping Unix users to Windows users...at least that's what it seems that you are trying to do. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT/UNIX username mapping possible directly via tdbsam?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dominik Schuppli wrote: | Hello everyone, | | I've been wondering if NT and UNIX username mapping can | be done directly via the SAM database instead of | the 'username map = ' option in smb.conf. | | The problem with 'username map' files is that the | mappings seem to work only in one direction, namely | from NT towards UNIX usernames. However, I'd like | to achieve a true, bi-directional one-to-one | mapping, e.g. between UNIX username 'root' and NT | username 'Administrator'. What would you expect by "going in the reverse direction"? Can you give me an example? | The command 'pdbedit -Lv ' shows separate fields | for both UNIX and NT usernames. (I'm using the tdbsam | backend, btw.) Will Samba operate correctly if those | entries contain different usernames? I think the nt user name is essentially unused. | I've enhanced 'pdbedit' on my system so that it | allows manipulation of the 'NT username' field. Is this smart | or stupid? I haven't yet had the opportunity to try | this in a working Samba environment. Maybe someone | has technical advice or knowledge on what I'm trying to do? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDi03sIR7qMdg1EfYRAm0pAKDUSLwpiYRbIgXmkEnaf+2QQm04NACg3Vrk MkEzA6V2lqGShw8AJNR3FBg= =Htvj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
