From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 Description of problem: Description of problem: The samba will not use the smbuser file to make mapping between a windows user and a unix user when using NT4 domain and latest samba version (3.0.9.x). configs: smb.conf workgroup = INTELLIA security = DOMAIN password server = erebus username map = /etc/samba/smbusers smbusers: root = administrator admin manumitn Version-Release number of selected component (if applicable): samba-3.0.9-1.3E.2 How reproducible: Always Steps to Reproduce: 1. Stop smb service: service smb stop 2. Set the configs of samba: smb.conf: workgroup = INTELLIA security = DOMAIN password server = erebus username map = /etc/samba/smbusers smbusers: root = administrator admin manumitn 2. Delete the dtb files: rm -f /etc/samba/secrets.tdb rm -f /var/cache/samba/*.dtb rm -f /var/cache/samba/*.dat 3. On the NT4 PDC, "server manager" delete the old entry for the machine. 4. Start smb service: service smb start 5- Join the domain: net rpc join -I 192.168.0.x -S erebus -w intellia -W intellia -U administrator%mypassword -s /etc/samba/smb.conf -l Joined domain INTELLIA. 6-Verify on the PDC if the machine is on it. GOOD. 7. Access the samba computer using windows and the user on the samba server is manumitn and not root as expected. Actual Results: The user (manumitn) connect on the machine with PDC credential without problem but I still have only the rights of manumitn not (root) Expected Results: Have "root" rights like expected on the version samba-3.0.7-1.3E.1 and older. Temporary solution for us, roll back to samba-3.0.7-1.3E.1 Additional info: Here is the trace get while looking to find if samba read the smbusers file: [2005/04/26 14:24:38, 3] lib/username.c:map_username(173) Mapped user manumitn to root
Shouldn't the smbusers file say root = INTELLIA\Administrator INTELLIA\admin INTELLIA\manumitn? According to the release notes: Common bugs fixed in 3.0.8 include: o Inconsistencies in the username map functionality when configured on domain member servers. Change in Username Map ---------------------- Previous Samba releases would only support reading the fully qualified username (e.g. DOMAIN\user) from the username map when performing a kerberos login from a client. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent behavior sometimes even on the same server. Samba 3.0.8 obeys the following rules when applying the username map functionality: * When performing local authentication, the username map is applied to the login name before attempting to authenticate the connection. * When relying upon a external domain controller for validating authentication requests, smbd will apply the username map to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated.
Yes it work very well. I am very sorry to make you lost your time on RTFM missing from my part. by the way, I am very impress by the rapidity and the service from RedHat. Tks again. Manuel Mitnyan