Billinghurst, David (CALCRTS)
2005-Oct-17 07:21 UTC
[Samba] username maps and security=ads
I have been having problems with username maps and security=ads.
I now have a solution (or at least a work around) that is working
for me. I sort of stumbled across it, as I don't recall reading
any samba docs that mentions the need to have the realm name
in the smbuser file.
Samba server is RHEL3 with samba-3.0.20 compiled from source
authenticating against a windows ADS.
Here is the smb.conf file
# Global parameters
[global]
workgroup = GROUP
realm = GROUP.COMPANY.ORG
server string = Samba Server
encrypt passwords = yes
security = ads
username map = /usr/local/samba-3.0.20/lib/smbusers
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = No
dns proxy = No
os level = 0
log level = 3
[homes]
comment = Home Directories
read only = No
I found that the smb user map file had to look like
# Unix_name = SMB_name1 SMB_name2 ...
unixuser = smbname GROUP.COMPANY.ORG\smbname
NOTICE
This e-mail and any attachments are private and confidential and may contain
privileged information. If you are not an authorised recipient, the copying or
distribution of this e-mail and any attachments is prohibited and you must not
read, print or act in reliance on this e-mail or attachments.
This notice should not be removed.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Billinghurst, David (CALCRTS) wrote: | I have been having problems with username maps and security=ads. | | I now have a solution (or at least a work around) that is working | for me. I sort of stumbled across it, as I don't recall reading | any samba docs that mentions the need to have the realm name | in the smbuser file. | | Samba server is RHEL3 with samba-3.0.20 compiled from source | authenticating against a windows ADS. This is described in the smb.conf man page and in the release notes for Samba 3.0.8 ... | I found that the smb user map file had to look like | | # Unix_name = SMB_name1 SMB_name2 ... | unixuser = smbname GROUP.COMPANY.ORG\smbname cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDVOQpIR7qMdg1EfYRApuHAJ9bvC1tuK2z4RaBfeqYhN5jdEmY2gCfcz2g h0fdcvD8QotQBzNnOJuzP7A=cCTh -----END PGP SIGNATURE-----