Hi to all.. I've setup a Samba domain and now having a hard time setting up Unix to Windows user mapping. As an example on the server, user is 'agi', and at the workstation I want an 'Alec Joseph' as the user name. If I log on from a Linux desktop using the alias connection goes through: # sudo tail -f /usr/local/samba/var/log.smbd | grep 'Alec Joseph' Got user=[Alec Joseph] domain=[RIVERA-HOME] workstation=[THREEPIO] len1=24 len2=24 Mapped user Alec Joseph to agi check_ntlm_password: Checking password for unmapped user [RIVERA-HOME]\[Alec Joseph]@[THREEPIO] with the new password interface check_ntlm_password: sam authentication for user [Alec Joseph] succeeded check_ntlm_password: authentication for user [Alec Joseph] -> [agi] -> [agi] succeeded register_existing_vuid: User name: agi Real name: Alec Joseph Rivera,,, However, on a Windows workstation, I can not log on and getting these on the log: SAM Logon (Interactive). Domain:[RIVERA-HOME]. User:[Alec Joseph@HAN] Requested Domain:[RIVERA-HOME] check_ntlm_password: Checking password for unmapped user [RIVERA-HOME]\[Alec Joseph]@[HAN] with the new password interface check_ntlm_password: mapped user is: [RIVERA-HOME]\[Alec Joseph]@[HAN] check_sam_security: Couldn't find user 'Alec Joseph' in passdb. check_ntlm_password: Authentication for user [Alec Joseph] -> [Alec Joseph] FAILED with error NT_STATUS_NO_SUCH_USER From what I understand, the Windows workstation is forcing a lookup on the tdbsamdb backend right? On the manuals I've read that the mapping is done after the authentication... How can I get the same behavior as from a Linux workstation? Also I can see on the logs a "Error permission denied" on the username map file, is this in a way related? Thanks... Ohayou gozaimas, Agi
On Sat, Nov 22, 2008 at 4:34 AM, Alec Joseph Rivera <eijhei@gmail.com> wrote:> Hi to all.. > > I've setup a Samba domain and now having a hard time setting up Unix to > Windows user mapping. As an example on the server, user is 'agi', and at the > workstation I want an 'Alec Joseph' as the user name. If I log on from a > Linux desktop using the alias connection goes through: > > # sudo tail -f /usr/local/samba/var/log.smbd | grep 'Alec Joseph' > > Got user=[Alec Joseph] domain=[RIVERA-HOME] workstation=[THREEPIO] len1=24 > len2=24 > Mapped user Alec Joseph to agi > check_ntlm_password: Checking password for unmapped user > [RIVERA-HOME]\[Alec Joseph]@[THREEPIO] with the new password interface > check_ntlm_password: sam authentication for user [Alec Joseph] succeeded > check_ntlm_password: authentication for user [Alec Joseph] -> [agi] -> > [agi] succeeded > register_existing_vuid: User name: agi Real name: Alec Joseph > Rivera,,, > > However, on a Windows workstation, I can not log on and getting these on the > log: > > SAM Logon (Interactive). Domain:[RIVERA-HOME]. User:[Alec Joseph@HAN] > Requested Domain:[RIVERA-HOME] > check_ntlm_password: Checking password for unmapped user > [RIVERA-HOME]\[Alec Joseph]@[HAN] with the new password interface > check_ntlm_password: mapped user is: [RIVERA-HOME]\[Alec Joseph]@[HAN] > check_sam_security: Couldn't find user 'Alec Joseph' in passdb. > check_ntlm_password: Authentication for user [Alec Joseph] -> [Alec Joseph] > FAILED with error NT_STATUS_NO_SUCH_USER > > From what I understand, the Windows workstation is forcing a lookup on the > tdbsamdb backend right? On the manuals I've read that the mapping is done > after the authentication... > > How can I get the same behavior as from a Linux workstation? Also I can see on > the logs a "Error permission denied" on the username map file, is this in a > way related? > > Thanks... > > Ohayou gozaimas, > AgiGreetings, Might be nice to see your smb.conf file, less anything that might be a security issue.
On Sunday 23 November 2008 10:07:00 pm Richard Nelson wrote:> Greetings, > > Do you have entries in smbpasswd file for these users with the correct > password? > > Thanks.Yup I have those on the password file.. I'm able to logon from a Linux client when the username is either 'agi', 'Alec' or 'Alec Joseph'. On the Windows client, however, only the 'agi' (which is the Unix username) will work. I stumbled upon this only because 'wing' asked me if she can use 'Jo Annelyn' instead. I thought I would be straightforward to use the username mapping because on the Linux workstation it just works... I'm clearly missing something... Thanks.