On Wed, Aug 24, 2005 at 03:26:23PM -0400, Boehm, Eric [GWRTP:CM21:EXCH] wrote: >>>>> "Eric" == Boehm, Eric [GWRTP:CM21:EXCH] <Boehm> writes:
Eric> I'm a bit puzzled. I am able to map an account without any Eric> problem on Samba 2.2.8a (security=domain). However, access Eric> fails with Samba 3.0.14a when everything else is the same Eric> (same configuration files). Eric> Any advice as to the cause of the problems (and its Eric> solution) would be appreciated. I'll follow up and answer my own question. The problem is that I didn't understand the Release notes for 3.0.8 ====================== Change in Username Map ====================== Previous Samba releases would only support reading the fully qualified username (e.g. DOMAIN\user) from the username map when performing a kerberos login from a client. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent behavior sometimes even on the same server. Samba 3.0.8 obeys the following rules when applying the username map functionality: * When performing local authentication, the username map is applied to the login name before attempting to authenticate the connection. * When relying upon a external domain controller for validating authentication requests, smbd will apply the username map to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated. Previously, I had used unix_user = windows_user After reading the notes above, I tried DOMAIN\unix_user = windows_user I should have used (and this did work) unix_user = DOMAIN\windows_user -- Eric M. Boehm /"\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba