Vladimir Yumashev
2003-Feb-06 14:51 UTC
[Samba] Strange "username map" behaviour with "security=user"
I use Samba 2.2.0 on small network. I use "security = user" and "username map" to map some Win-users to unix users. I have simple testing file with username mapping: root = vlad It is supposed that when I connect to samba as user "Vlad" with vlad's password I get the root's rigths to shares. Right? But when I try to connect to samba as "vlad" it tries to authorize me as samba user "root" and tries to find user "root" in passdb. Why? I see the following lines in logfile: -------- [2003/02/06 06:26:20, 1] smbd/password.c:pass_check_smb(545) Couldn't find user 'root' in passdb. [2003/02/06 06:26:20, 1] smbd/password.c:pass_check_smb(545) Couldn't find user 'root' in passdb. [2003/02/06 06:26:20, 1] smbd/reply.c:reply_sesssetup_and_X(1001) Rejecting user 'root': authentication failed -------- Username mapping works as it is described in manual when I set "security = domain" and join samba to NT domain. Then when I connect to samba as domain user "vlad" samba and domain controller authorize me as "vlad" against vlad's password. Then samba maps me to root. So I have root's rigths to files in shares and logfile tells me: ----- [2003/02/06 06:55:40, 1] smbd/service.c:make_connection(636) vladimir (192.168.100.10) connect to service tmp as user root (uid=0, gid=0) (pid 31605) ----- Thanks, Vladimir
Gerald (Jerry) Carter
2003-Feb-12 20:24 UTC
[Samba] Strange "username map" behaviour with "security=user"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 6 Feb 2003, Vladimir Yumashev wrote:> I use Samba 2.2.0 on small network. I use "security = user" and > "username map" to map some Win-users to unix users. I have simple > testing file with username mapping: > root = vlad > It is supposed that when I connect to samba as user > "Vlad" with vlad's password I get the root's rigths to shares. Right? > But when I try to connect to samba as "vlad" it tries to authorize me as > samba user "root" and tries to find user "root" in passdb. Why?username mapping takes place before authentication. This is by design. cheers, jerry ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+Sq1kIR7qMdg1EfYRAlzhAKCMyjr+qUKx/ps/e1Ip94TNq+cKzgCgw1Ha CTRyLpqiG2zvEfQsm7WG/tM=f0yg -----END PGP SIGNATURE-----