Schmeling, Bernd
2002-Aug-15 00:02 UTC
[Samba] Winbind in Samba 2.2.5 not automatically mapping the NT users with corresponding UNIX accounts
Have you tried in smb.conf username map = /usr/local/samba/lib/domainuser.map winbind use default domain = no For every user you have to create an entry in the /usr/local/samba/lib/domainuser.map, that looks like <unixusername> = "<domainname>+<username>" I?m using a script that generates the domainuser.map automaticly, because our users are using NIS and Samba accounts with the same name. Bernd -----Original Message----- From: Wieprecht, Karen M. [mailto:Karen.Wieprecht@jhuapl.edu] Sent: Wednesday, August 14, 2002 8:54 PM To: 'samba@lists.samba.org' Subject: [Samba] Winbind in Samba 2.2.5 not automatically mapping the NT users with corresponding UNIX accounts Running the SGI freeware build of samba 2.2.5, using winbind successfully (wbinfo -u works like a champ)and security=domain. NT users with no corresponding UNIX account correctly map into a UID range listed in my smb.conf file, but NT users who happen to HAVE a corresponding UNIX account are mapping in as "domainname+username" instead of just "username". The fix for this used to be to set "winbind use default domain = yes", but that doesn't seem to do the trick at 2.2.5. I'm just not getting my username mapping to work as I expected. Yes, I know that the point of "security=domain" is so you don't have to have a corresponding UNIX account, but some users already have accounts on both platforms, and I would like to avoid making a username map for users whose usernames already match. Help with this would be appreciated, karen.wieprecht@jhuapl.edu -------------- next part -------------- HTML attachment scrubbed and removed
Wieprecht, Karen M.
2002-Aug-19 10:18 UTC
[Samba] Winbind in Samba 2.2.5 not automatically mapping the NT users with corresponding UNIX accounts
Here is the fix for the problem we were having: I had used "+" as my winbind separator. I changed it to an underscore, and my system (on which I use NIS) was then able to correctly find and match the NT username to the corresponding UNIX username without using a username map file. I assume I still need to have "winbind use default domain = yes" set to make this work, I didn't test without that parameter. Why did this matter? In the smb.conf man page winbind separator section, it says that "+" as a winbind separator can cause problems with group membership on some systems because + is used as a special character for NIS in /etc/group. Thinking that + might react adversely with NIS username lookups as well, I changed my winbind separator to something less controversial, and that seems to have fixed the problem. Hope this saves someone else some headaches, Karen Wieprecht karen.wieprecht@jhuapl.edu <mailto:karen.wieprecht@jhuapl.edu> -------------- next part -------------- HTML attachment scrubbed and removed
Apparently Analagous Threads
- rsync : old file dates generating error during nfs rsync session: Value Too large for defined data type
- 2.2.5 and NIS question
- Username map and UNIX UID assignments
- User nobody logging in to shares instead of domain us er
- NT user name doesn't match unix username when winbindd is runnin g