Marc-andré Labonté
2008-Jul-09 17:15 UTC
[Samba] login fails if smbusers is used to map domain admin to root.
Hi,
i am trying to map the domain administrator to root using the
smbusers file in order to be able to set file permissions from windows.
Unfortunately, while the map itself seem to succeed, the logins fails.
If i remove the relevant line in smbusers, login succeed but i lack
superuser privileges.
Here is log.smbd while trying to map administrator to root
[2008/07/09 12:50:42, 4] smbd/map_username.c:map_username(145)
Scanning username map /usr/local/samba/etc/smbusers
[2008/07/09 12:50:42, 3] smbd/map_username.c:map_username(189)
Mapped user DOMAIN\administrator to root
[2008/07/09 12:50:42, 4] lib/substitute.c:automount_server(500)
Home server: thumper
[2008/07/09 12:50:42, 4] lib/substitute.c:automount_server(500)
Home server: thumper
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/07/09 12:50:42, 1] auth/auth_util.c:create_token_from_username(922)
sid_to_gid(S-1-22-513) failed
[2008/07/09 12:50:42, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/sesssetup.c(550) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2008/07/09 12:50:42, 3] smbd/process.c:smbd_process(2027)
receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
Here is my smbusers file:
root = DOMAIN\administrator
And my smb.conf file:
workgroup = DOMAIN
netbios name = thumper
use kerberos keytab = yes
security = ads
encrypt passwords = yes
realm = DOMAIN
username map = /usr/local/samba/etc/smbusers
allow trusted domains = no
idmap backend = rid:DOMAIN=50000-100000000
idmap uid = 50000-100000000
idmap gid = 50000-100000000
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
What worries me is the following line in log.smbd
sid_to_gid(S-1-22-513) failed
I think this is why login is failing but i have no clue where sid
S-1-22-513 is coming from
regards
Marc-andr?
Volker Lendecke
2008-Jul-09 18:18 UTC
[Samba] login fails if smbusers is used to map domain admin to root.
On Wed, Jul 09, 2008 at 01:02:07PM -0400, Marc-andr? Labont? wrote:> What worries me is the following line in log.smbd > > I think this is why login is failing but i have no clue where sid > S-1-22-513 is coming fromMe neither. What version of Samba is that? Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20080709/67954479/attachment.bin
Marc-andré Labonté
2008-Jul-11 17:00 UTC
[Samba] login fails if smbusers is used to map domain admin to root.
Still struggling to map the domain admin as root, i tried 3.0.30 on the same machine, username mapping work as usual with 3.0.30. Samba 3.2.0 must be doing something different. I also tried group mappings, prior to that, i've create local group users with gid = 513 net groupmap add sid=S-1-22-513 unixgroup=users type=d Still out of luck Marc-andr?