Schmeling, Bernd
2002-Aug-15 00:02 UTC
[Samba] Winbind in Samba 2.2.5 not automatically mapping the NT users with corresponding UNIX accounts
Have you tried in smb.conf
username map = /usr/local/samba/lib/domainuser.map
winbind use default domain = no
For every user you have to create an entry in the
/usr/local/samba/lib/domainuser.map, that looks like
<unixusername> = "<domainname>+<username>"
I?m using a script that generates the domainuser.map automaticly, because
our users are using NIS and Samba accounts with the same name.
Bernd
-----Original Message-----
From: Wieprecht, Karen M. [mailto:Karen.Wieprecht@jhuapl.edu]
Sent: Wednesday, August 14, 2002 8:54 PM
To: 'samba@lists.samba.org'
Subject: [Samba] Winbind in Samba 2.2.5 not automatically mapping the NT
users with corresponding UNIX accounts
Running the SGI freeware build of samba 2.2.5, using winbind successfully
(wbinfo -u works like a champ)and security=domain.
NT users with no corresponding UNIX account correctly map into a UID range
listed in my smb.conf file, but NT users who happen to HAVE a corresponding
UNIX account are mapping in as "domainname+username" instead of just
"username".
The fix for this used to be to set "winbind use default domain =
yes", but
that doesn't seem to do the trick at 2.2.5. I'm just not getting my
username mapping to work as I expected. Yes, I know that the point of
"security=domain" is so you don't have to have a corresponding
UNIX account,
but some users already have accounts on both platforms, and I would like
to avoid making a username map for users whose usernames already match.
Help with this would be appreciated,
karen.wieprecht@jhuapl.edu
-------------- next part --------------
HTML attachment scrubbed and removed
Wieprecht, Karen M.
2002-Aug-19 10:18 UTC
[Samba] Winbind in Samba 2.2.5 not automatically mapping the NT users with corresponding UNIX accounts
Here is the fix for the problem we were having: I had used "+" as my
winbind separator. I changed it to an underscore, and my system (on which I
use NIS) was then able to correctly find and match the NT username to the
corresponding UNIX username without using a username map file. I assume I
still need to have "winbind use default domain = yes" set to make
this
work, I didn't test without that parameter.
Why did this matter? In the smb.conf man page winbind separator section,
it says that "+" as a winbind separator can cause problems with group
membership on some systems because + is used as a special character for NIS
in /etc/group. Thinking that + might react adversely with NIS username
lookups as well, I changed my winbind separator to something less
controversial, and that seems to have fixed the problem.
Hope this saves someone else some headaches,
Karen Wieprecht
karen.wieprecht@jhuapl.edu <mailto:karen.wieprecht@jhuapl.edu>
-------------- next part --------------
HTML attachment scrubbed and removed
Possibly Parallel Threads
- rsync : old file dates generating error during nfs rsync session: Value Too large for defined data type
- 2.2.5 and NIS question
- Username map and UNIX UID assignments
- User nobody logging in to shares instead of domain us er
- NT user name doesn't match unix username when winbindd is runnin g