Heath Kehoe
2004-Oct-08 16:04 UTC
[Samba] (retry) 3.0.7: username map doesn't work with security=ADS
(OK, my first message got mangled because of the attachments, so I'm reposting)

I've got a samba 3 box that's part of an AD domain. It works correctly for most users; but there was a problem where certain users couldn't connect. We'd get a log message that looks like this:

    Username SAMPLE.COM\pcuser is invalid on this system

It turns out that the users who could not connect are those who have a different unix username than their AD username. Even though I have a username map file set up, samba didn't seem to be using it.

This bug appeared somewhere between 3.0.2a and 3.0.6. When we were on 3.0.2a, the username map worked.

I looked at the code, and found a problem in smbd/sesssetup.c: reply_spnego_kerberos() calls map_username() with "DOMAIN\username" but map_username() expects the username without the domain.

So, as a workaround, I could change my usermap file to include the domain with the usernames; e.g.,

    unixuser = pcuser SAMPLE.COM\pcuser

but that's kind of clunky. So instead I created a patch for source/smbd/sesssetup.c, which I put here:

http://www.avalon.net/~hakehoe/diff1.txt
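The mismatch described in the post, as an added example that is not part of the original message and is neither Samba's code nor the linked patch: a simplified username-map lookup that fails on `DOMAIN\username` as passed and succeeds once the domain prefix is dropped. The names `map_lookup` and `map_resolve`, the map entries, and the try-qualified-first fallback are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample map in the "unixuser = ntuser ..." form from the post. */
static const char *SAMPLE_MAP[] = {
    "# constructed sample entries",
    "unixuser = pcuser",
    "jdoe = john.doe jd",
    NULL
};

/* Exact-match lookup: returns 1 and copies the unix name if nt_name is listed. */
static int map_lookup(const char *nt_name, char *out, size_t outlen)
{
    for (size_t i = 0; SAMPLE_MAP[i] != NULL; i++) {
        char line[256];
        snprintf(line, sizeof line, "%s", SAMPLE_MAP[i]);
        char *eq = strchr(line, '=');
        if (line[0] == '#' || line[0] == ';' || eq == NULL)
            continue;                      /* comment or malformed line */
        *eq = '\0';
        char *unix_name = strtok(line, " \t");
        if (unix_name == NULL)
            continue;
        for (char *t = strtok(eq + 1, " \t"); t; t = strtok(NULL, " \t")) {
            if (strcasecmp(t, nt_name) == 0) {
                snprintf(out, outlen, "%s", unix_name);
                return 1;
            }
        }
    }
    return 0;
}

/* Assumed policy: try the name as given, then retry without "DOMAIN\". */
static int map_resolve(const char *name, char *out, size_t outlen)
{
    const char *sep = strrchr(name, '\\');
    return map_lookup(name, out, outlen) ||
           (sep != NULL && map_lookup(sep + 1, out, outlen));
}

int main(void)
{
    char u[64] = "";
    printf("as passed: %d\n", map_lookup("SAMPLE.COM\\pcuser", u, sizeof u));
    printf("resolved:  %d -> %s\n", map_resolve("SAMPLE.COM\\pcuser", u, sizeof u), u);
}
```

Because the fallback ignores the domain, `OTHER.EXAMPLE\pcuser` resolves to the same unix account as `SAMPLE.COM\pcuser` in this example. A map entry that includes the domain, as in the post's workaround, is the form that tells them apart.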