Ken Stone
2003-Jul-17 00:10 UTC
[Samba] Question on use of a username map file and security=domain interactions ?
Hi ....
I'm looking for thoughts/experiences when the following conditions are met
...
I have 2 users .... say Sam Smith and Jeff Smith
On UNIX (on the samba server) their logins are
Walt Smith = "smith"
Jeff Smith = "jsmith
On the NT DOMAIN side, their logins are
Walt Smith = "wsmith"
Jeff Smith = "smith"
In my smb.config file, I have
security = domain [ and all the stuff that goes with it]
username map = /samba/lib/name-maps
And in name-maps, I have
smith = wsmith
jsmith = smith
Note the re-use of the word "smith" on both sides ....
And the issue is that when Walt Smith mounts \\samba\wsmith from his pc, he
actually gets Jeff Smith's home directory and has the permissions as though
he was Jeff Smith on UNIX .... not good .... And if he mounts \\samba\smith
then he gets his home directory but has the permissions as though he was
Jeff Smith on UNIX ... still bad ... It almost seems as though the name
mapping is occuring recursively somehow ?
The server in question is an old 2.0.6-pre1 version but I also have a 2.2.9pre1
server that shows issues along the same thing but behaves a bit differently.
Please reply to me directly so I don't miss it in all the noise !!
Thanks
-- Ken
Don McCall
2003-Jul-17 16:49 UTC
[Samba] Question on use of a username map file and security=domain interactions ?
Hi ken, issue is that mapping continues to happen, so what you see is the following: ntusername wsmith gets mapped to unix 'smith'; now the smith username is used to continue parsing thru the user map file, and matches smith on the right side, so he gets finally mapped to jsmith on the left. In other words, we parse thru the entire map file, and continue mapping until there are no more right side matches... So for your issue, for instance, if you reversed the names in your mapfile: jsmith=smith smith=wsmith I think you would be ok. he would come in as nt user smith, get mapped to jsmith, and jsmith doesn't have another rightside match. Hope this helps, Don Ken Stone <ken@sdd.hp.com> wrote: Hi .... I'm looking for thoughts/experiences when the following conditions are met ... I have 2 users .... say Sam Smith and Jeff Smith On UNIX (on the samba server) their logins are Walt Smith = "smith" Jeff Smith = "jsmith On the NT DOMAIN side, their logins are Walt Smith = "wsmith" Jeff Smith = "smith" In my smb.config file, I have security = domain [ and all the stuff that goes with it] username map = /samba/lib/name-maps And in name-maps, I have smith = wsmith jsmith = smith Note the re-use of the word "smith" on both sides .... And the issue is that when Walt Smith mounts \\samba\wsmith from his pc, he actually gets Jeff Smith's home directory and has the permissions as though he was Jeff Smith on UNIX .... not good .... And if he mounts \\samba\smith then he gets his home directory but has the permissions as though he was Jeff Smith on UNIX ... still bad ... It almost seems as though the name mapping is occuring recursively somehow ? The server in question is an old 2.0.6-pre1 version but I also have a 2.2.9pre1 server that shows issues along the same thing but behaves a bit differently. Please reply to me directly so I don't miss it in all the noise !! Thanks -- Ken -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --------------------------------- Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month!