Red Hat Bugzilla – Bug 142620
Linux/Unix ID mapping is broken
Last modified: 2014-08-31 19:26:59 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041110 Firefox/1.0 Description of problem: I have a user with a different name in linux and the win domain. All other users can access the shares, but not this one. Version-Release number of selected component (if applicable): samba-3.0.9-1.fc3 How reproducible: Always Steps to Reproduce: 1. in /etc/samba/smbusers: LinUID = WinUID 2. I use security = domain and the machine is registered at the DC level. 3. All windows users can access the shares exported by the linux server as long as there LinUID and WinUID are the same. When the IDs are different, the user cannot login. Actual Results: Here is what I see in /var/log/samba/WinMachine.log: check_ntlm_password: Authentication for user [WinUID] -> [LinUID] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: mapped user is: [WkGroup]\[LinUID]@[WinMachine] That seems wrong. Shouldn't the mapped user be [WkGroup]\[WinUID]@[WinMachine]? Expected Results: I have exactly the same settings on a Suse 9.1 box running samba-3.0.4-1.34.3 and everything is working fine there. Additional info: I tried to look in all other reports about samba. Sorry if this is a dupe.
I reverted to samba-3.0.8-0.pre1.3 and the user mapping works again.
The problem is still there wih samba-3.0.10-1.fc3. No one cares? Am I sending messages to a black hole? This is getting frustrating.
Reopened #1772 in samba bugs db: https://bugzilla.samba.org/show_bug.cgi?id=1772
Many thanks to Kaare Hviid, a tenacious Debian user, who found the solution. The fix for security=domain is to use: LinUID = DOMAIN\WinUID in /etc/samba/smbusers. Warning, this is not backward compatible and will not work for security=user