Bug 156308 - Samba smbuser fonctionality broke.
Samba smbuser fonctionality broke.
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: samba (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jay Fenlason
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2005-04-28 16:10 EDT by Manuel Mitnyan
Modified: 2014-08-31 19:27 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-04-29 15:59:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Manuel Mitnyan 2005-04-28 16:10:03 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2

Description of problem:
Description of problem:
The samba will not use the smbuser file to make mapping between a windows user and a unix user when using NT4 domain and latest samba version (3.0.9.x).

configs: smb.conf
   workgroup = INTELLIA
   security = DOMAIN
   password server = erebus
  username map = /etc/samba/smbusers

root = administrator admin manumitn

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Stop smb service: service smb stop
2. Set the configs of samba:
   workgroup = INTELLIA
   security = DOMAIN
   password server = erebus
  username map = /etc/samba/smbusers

root = administrator admin manumitn

2. Delete the dtb files:
rm -f /etc/samba/secrets.tdb
rm -f /var/cache/samba/*.dtb
rm -f /var/cache/samba/*.dat

3. On the NT4 PDC, "server manager" delete the old entry for the machine.
4. Start smb service: service smb start

5- Join the domain: net rpc join -I 192.168.0.x -S erebus -w intellia -W intellia -U administrator%mypassword -s /etc/samba/smb.conf -l
Joined domain INTELLIA.

6-Verify on the PDC if the machine is on it. 

7. Access the samba computer using windows and the user on the samba server is manumitn and not root as expected.

Actual Results:  The user (manumitn) connect on the machine with PDC credential without problem but I still have only the rights of manumitn not (root)

Expected Results:  Have "root" rights like expected on the version samba-3.0.7-1.3E.1 and older.

Temporary solution for us, roll back to samba-3.0.7-1.3E.1

Additional info:

Here is the trace get while looking to find if samba read the smbusers file:
[2005/04/26 14:24:38, 3] lib/username.c:map_username(173)
  Mapped user manumitn to root
Comment 1 Jay Fenlason 2005-04-29 15:12:17 EDT
Shouldn't the smbusers file say 
root = INTELLIA\Administrator INTELLIA\admin INTELLIA\manumitn? 
According to the release notes: 
Common bugs fixed in 3.0.8 include: 
  o Inconsistencies in the username map functionality when 
    configured on domain member servers. 
Change in Username Map 
Previous Samba releases would only support reading the fully qualified 
username (e.g. DOMAIN\user) from the username map when performing a    
kerberos login from a client.  However, when looking up a map       
entry for a user authenticated by NTLM[SSP], only the login name would be 
used for matches.  This resulted in inconsistent behavior sometimes       
even on the same server.                                            
Samba 3.0.8 obeys the following rules when applying the username 
map functionality:                                               
  * When performing local authentication, the username map is 
    applied to the login name before attempting to authenticate 
    the connection.                                             
  * When relying upon a external domain controller for validating 
    authentication requests, smbd will apply the username map     
    to the fully qualified username (i.e. DOMAIN\user) only   
    after the user has been successfully authenticated.     
Comment 2 Manuel Mitnyan 2005-04-29 15:37:44 EDT
Yes it work very well.

I am very sorry to make you lost your time on RTFM missing from my part.
by the way, I am very impress by the rapidity and the service from
RedHat. Tks again.

Manuel Mitnyan

Note You need to log in before you can comment on or make changes to this bug.