Marc-andré Labonté
2008-Jul-09 17:15 UTC
[Samba] login fails if smbusers is used to map domain admin to root.
Hi, i am trying to map the domain administrator to root using the smbusers file in order to be able to set file permissions from windows. Unfortunately, while the map itself seem to succeed, the logins fails. If i remove the relevant line in smbusers, login succeed but i lack superuser privileges. Here is log.smbd while trying to map administrator to root [2008/07/09 12:50:42, 4] smbd/map_username.c:map_username(145) Scanning username map /usr/local/samba/etc/smbusers [2008/07/09 12:50:42, 3] smbd/map_username.c:map_username(189) Mapped user DOMAIN\administrator to root [2008/07/09 12:50:42, 4] lib/substitute.c:automount_server(500) Home server: thumper [2008/07/09 12:50:42, 4] lib/substitute.c:automount_server(500) Home server: thumper [2008/07/09 12:50:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/09 12:50:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/09 12:50:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/09 12:50:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/09 12:50:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/09 12:50:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/09 12:50:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/09 12:50:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/09 12:50:42, 1] auth/auth_util.c:create_token_from_username(922) sid_to_gid(S-1-22-513) failed [2008/07/09 12:50:42, 3] smbd/error.c:error_packet_set(61) error packet at smbd/sesssetup.c(550) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2008/07/09 12:50:42, 3] smbd/process.c:smbd_process(2027) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting Here is my smbusers file: root = DOMAIN\administrator And my smb.conf file: workgroup = DOMAIN netbios name = thumper use kerberos keytab = yes security = ads encrypt passwords = yes realm = DOMAIN username map = /usr/local/samba/etc/smbusers allow trusted domains = no idmap backend = rid:DOMAIN=50000-100000000 idmap uid = 50000-100000000 idmap gid = 50000-100000000 winbind use default domain = Yes winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes What worries me is the following line in log.smbd sid_to_gid(S-1-22-513) failed I think this is why login is failing but i have no clue where sid S-1-22-513 is coming from regards Marc-andr?
Volker Lendecke
2008-Jul-09 18:18 UTC
[Samba] login fails if smbusers is used to map domain admin to root.
On Wed, Jul 09, 2008 at 01:02:07PM -0400, Marc-andr? Labont? wrote:> What worries me is the following line in log.smbd > > I think this is why login is failing but i have no clue where sid > S-1-22-513 is coming fromMe neither. What version of Samba is that? Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20080709/67954479/attachment.bin
Marc-andré Labonté
2008-Jul-11 17:00 UTC
[Samba] login fails if smbusers is used to map domain admin to root.
Still struggling to map the domain admin as root, i tried 3.0.30 on the same machine, username mapping work as usual with 3.0.30. Samba 3.2.0 must be doing something different. I also tried group mappings, prior to that, i've create local group users with gid = 513 net groupmap add sid=S-1-22-513 unixgroup=users type=d Still out of luck Marc-andr?