Celeste Suliin Burris
2004-Sep-09 20:21 UTC
[Samba] "username map" parameter not working after upgrade to SAMBA 3
I have been using the "username map" parameter for some time on various versions of Samba 2, and it has worked nicely. Last week I upgraded to Samba 3 and integrated with Active Directory. Since I am using Solaris 8, and "nsswitch.conf" doesn't support winbindd, I am using the "add user script" parameter to add users. What is happening is that users in the "username map" are getting added, even though their names were previously resolving correctly. Everything else works pretty well, so I'm not sure what is going on. Help would be appreciated.

My "smb.conf" file follows -

# Global parameters
[global]
workgroup = tacoma
netbios name = GEOBASE1
server string = TEDD Sun Server
interfaces = 131.191.215.40/255.255.255.0
# security = DOMAIN
security = ads
realm = TACOMA.LCL
encrypt passwords = Yes
min passwd length = 8
password server = *
name resolve order = host wins
deadtime = 30
preferred master = False
local master = No
domain master = False
wins server = 131.191.129.31
winbind cache time = 36000
printer admin = @printadm
create mask = 0775
nt acl support = yes
template shell = /bin/false
template homedir = /export/home/geobase1/%U
username map = /usr/local/samba/lib/users.map
invalid users = smsadmin1
# separate domain and username with "/", like DOMAIN/username
winbind separator = /
# use UIDs from 10000 to 20000 for domain users
idmap uid = 10000-20000
idmap gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
# Allow Samba to add accounts for new users
winbind enable local accounts = yes
add user script = /usr/sbin/useradd -g nobody -d /tmp -s /bin/false -m %u
delete user script = /usr/sbin/userdel %u
print command = /usr/bin/lp -d%p -o nobanner -Traw -s %s -c; rm %s
veto oplock files = /*.nit/*.dat/*.dir/*.adf/

[printers]
path = /var/spool/smbprint
printable = true
guest ok = true

[print$]
comment = Windows Printer Drivers
path = /usr/local/samba/printdrv
write list = csburris, @printadm
guest ok = Yes

[2kprint]
comment = Windows NT4 Printer Drivers
path = /usr/local/samba/drivers/2kprint
write list = @printadm
guest ok = Yes

[tedplot3]
comment = TEDD HP Designjet 1055cm
path = /var/spool/smbprint
create mask = 0700
guest ok = Yes
printable = Yes
printer name = tedplot3

[teddlbls]
comment = 9th Flr Epson 2170 - Labels Only
path = /var/spool/smbprint
create mask = 0700
guest ok = Yes
printable = Yes
printer name = teddlbls

[pdgmtrn1]
comment = TEDD HP 4m near NGY's desk
path = /var/spool/smbprint
create mask = 0700
guest ok = Yes
printable = Yes
printer name = pdgmtrn1_2

[pdsuis1]
comment = DataProducts Printer in equipment room
path = /var/spool/smbprint
create mask = 0700
guest ok = Yes
printable = Yes
printer name = pdsuis1

[pdshpplt]
comment = TEDD HP Designjet 755cm in equipment room
path = /var/spool/smbprint
create mask = 0700
guest ok = Yes
printable = Yes
printer name = PDS_HPPlt_2

[gisinstl]
comment = ESRI Install Point
path = /gis_install/gisinstl
browseable = No
write list = @sysadmin

[homes]
comment = Home Directories
read only = No
create mask = 0755
browseable = No
veto files = /ADMIN.DLL/LOAD.EXE/MMC.EXE/README.EXE/MEP*.TMP.EXE/SIRCAM.SYS

[pdsshare]
comment = TEDD Production Data
path = /pdsshare
read only = No
create mask = 0775
guest ok = Yes
veto files = /.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/ADMIN.DLL/LOAD.EXE/ MMC.EXE/README.EXE/MEP*.TMP.EXE/SIRCAM.SYS

[pdsstaff]
comment = TEDD Only Nonshared
path = /pdsstaff
write list = @staff @pweng
create mask = 0755
read only = No
veto files = /.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/ADMIN.DLL/LOAD.EXE/ MMC.EXE/README.EXE/MEP*.TMP.EXE/SIRCAM.SYS

[teddplan]
comment = TEDD Staff-Only Share
path = /teddplan/teddplan
write list = @staff @planners
create mask = 0755
read only = No
veto files = /.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/ADMIN.DLL/LOAD.EXE/ MMC.EXE/README.EXE/MEP*.TMP.EXE/SIRCAM.SYS

[orthopho]
comment = Niess Orthophotos
path = /orthopho
write list = @sysadmin
guest ok = Yes
veto files = /.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/ADMIN.DLL/LOAD.EXE/ MMC.EXE/README.EXE/MEP*.TMP.EXE/SIRCAM.SYS

[business]
comment = Business Analyst
path = /business/business
write list = @bizanal
guest ok = Yes
veto files = /*.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/ADMIN.DLL/LOAD.EXE/ MMC.EXE/README.EXE/MEP*.TMP.EXE/SIRCAM.SYS

[esri]
comment = Arc Info Libraries and License Files
path = /esri
valid users = @staff
create mask = 0755
veto files = /.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/ADMIN.DLL/LOAD.EXE/ MMC.EXE/README.EXE/MEP*.TMP.EXE/SIRCAM.SYS
browseable = No

[pierce]
comment = Pierce County Parcel Library
path = /pcounty/bonanza/libs
read only = Yes
guest ok = Yes

[pub]
comment = TEDD World Share
path = /pub/pub
read only = No
create mask = 0777
guest ok = Yes

[syswork]
comment = system administration
path = /syswork
valid users = @sysadmin
read only = No
browseable = No

[images]
comment = TEDD Graphics Repository Share
path = /images/images
write list = @images
read only = No
create mask = 0775
guest ok = Yes
veto files = /.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/ADMIN.DLL/LOAD.EXE/ MMC.EXE/README.EXE/MEP*.TMP.EXE/SIRCAM.SYS

[mrsidwrk]
comment = TEDD mrsid compression area
path = /mrsid/mrsidwrk
write list = @staff
create mask = 0755
read only = No
veto files = /.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/ADMIN.DLL/LOAD.EXE/ MMC.EXE/README.EXE/MEP*.TMP.EXE/SIRCAM.SYS

[arcviewt]
comment = Arcview Tutorial
path = /esri/arcviewtut
read only = No
guest ok = Yes
veto files = /.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/

[intranetdev]
comment = TEDD Intranet Pages
path = /intranetdev/webintern
write list = @webintrn
read only = No
veto files = /.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/

[webintrn]
comment = Web Intern Work Area
path = /intranetdev/webintern
write list = @sysadmin @webintrn
read only = No
veto files = /.AppleDouble/TheVolumeSettingsFolder/TheFindByContentFolder/Icon\r/ *~?.???/*:*/Network Trash Folder/resource.frk/.AppleDesktop/DesktopFolderDB/

[arc]
comment = GIS Project ARC/Info applications and data
path = /gisfs1/gis/arc
write list = ptang sroberts
guest ok = Yes

[arcexe71]
comment = Arc/INFO 7.1 Executables
path = /gisfs1/arcexe71
guest ok = Yes

[gis_maps]
comment = GIS Project maps - Autocad format
path = /gisfs1/gis/maps
write list = @gisprcl
read only = No
guest ok = Yes

- end smb.conf

Celeste Suliin Burris
Systems Administrator
Tacoma Economic Development Department
Email - csburris@ci.tacoma.wa.us
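Added example, not part of the original post and not Samba's own code: a Python model of the username-map matching rules documented in smb.conf(5), showing how a short-name map entry fails to match a domain-qualified login, so the name stays unmapped and "add user script" would create a new account. The map contents, the names jdoe/johnd/"John Doe", and the DOMAIN\user lookup form (the form smb.conf(5) gives for domain members) are assumptions; the poster's users.map is not shown.

```python
import re

# Constructed sample maps; "jdoe", "johnd" and "John Doe" are hypothetical names.
SHORT_NAME_MAP = '# entries written with short client names\n!jdoe = "John Doe" johnd\n'
# Assumption: domain-member lookups use DOMAIN\user, as in the smb.conf(5) example.
QUALIFIED_MAP = r'!jdoe = "TACOMA\John Doe" TACOMA\johnd' + "\n"

def parse_map(text):
    """Parse username-map text into (unix_name, [client names], stop) rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        stop = line.startswith("!")       # '!': stop processing if this line maps
        unix, sep, rhs = line.lstrip("!").partition("=")
        if not sep or not unix.strip():
            continue                      # not a "unixname = names" line
        # Names are whitespace-separated; double quotes protect embedded spaces.
        names = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', rhs)]
        rules.append((unix.strip(), names, stop))
    return rules

def map_username(rules, login):
    """Return (unix_name, mapped) for a client login name (case-insensitive match)."""
    user, mapped = login, False
    for unix, names, stop in rules:
        if "*" in names or user.lower() in (n.lower() for n in names):
            user, mapped = unix, True     # replace with the left-hand Unix name
            if stop:
                break
    return user, mapped

def add_user_script_fires(rules, login, unix_accounts):
    """True when the resulting name has no Unix account, so smbd would call the script."""
    return map_username(rules, login)[0] not in unix_accounts

if __name__ == "__main__":
    accounts = {"jdoe"}                   # constructed local account list
    for label, text in (("short", SHORT_NAME_MAP), ("qualified", QUALIFIED_MAP)):
        rules = parse_map(text)
        login = r"TACOMA\johnd"
        print(label, map_username(rules, login), add_user_script_fires(rules, login, accounts))
```

@group entries on the right-hand side are not modelled here. Running smbd at a higher log level shows the exact name it passes to the map lookup, which is the form the entries need to match.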
rruegner
2004-Sep-09 20:55 UTC
[Samba] "username map" parameter not working after upgrade to SAMBA 3
Hi,

As far as I know, username map is no longer valid for Samba 3 (you can use admin users = root, Administrator), but the behavior has changed in total, so you have to use group and user mapping. Read the FAQs; Samba 3 as domain member server may help.

Regards

Celeste Suliin Burris wrote:
> I have been using the "username map" parameter for some time on various
> versions of Samba 2, and it has worked nicely. Last week I upgraded to
> Samba 3 and integrated with Active Directory. Since I am using Solaris
> 8, and "nsswitch.conf" doesn't support winbindd, I am using the "add
> user script" parameter to add users. What is happening is that users in
> the "username map" are getting added, even though their names were
> previously resolving correctly. Everything else works pretty well, so
> I'm not sure what is going on. Help would be appreciated.