stephane durieux
2006-Feb-05 00:12 UTC
[Samba] newbie : mapping problem between linux and samba users
Hello,

I have a mapping problem between linux and samba users. Logged in as a domain user steph under Windows, I try to update the password but a message like "you don't have the right to do that operation" appears. Logged in as root I can do it. When I dismiss the synchronisation between linux and windows users, it works!!

I have also noticed that I can only make mapping between predefined windows with "net groupmap set" and not "net groupmap add sid= unixgroup= ", which started to fail each time (don't know if it's a normal behaviour).

So I thought it was due to a problem in my tdb database file and I ran a check tool, giving no problem.

So I put here my mappings:
------------------------------------------------
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3113648812-2111614216-3829755549-512) -> root
Domain Guests (S-1-5-21-3113648812-2111614216-3829755549-514) -> -1
Power Users (S-1-5-32-547) -> users
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-3113648812-2111614216-3829755549-513) -> users

The logs I have obtained (noticing there is a problem with a shared secret between the Windows host and the server, but which secret? a secret for trusted domain?????? no relation with my problem!!!)
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info_map(224)
  make_user_info_map: Mapping user [GII]\[steph] from workstation [ESSAI]
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/02/03 15:53:35, 5] auth/auth_util.c:is_trusted_domain(1560)
  is_trusted_domain: Checking for domain trust with [GII]
[2006/02/03 15:53:35, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(333)
  secrets_fetch failed!
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 10] lib/gencache.c:gencache_get(285)
  Cache entry with key = TDOM/GII couldn't be found
[2006/02/03 15:53:35, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
  no entry for trusted domain GII found.
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(132)
  attempting to make a user_info for steph (steph)
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(142)
  making strings for steph's user_info struct
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(184)
  making blobs for steph's user_info struct
[2006/02/03 15:53:35, 10] auth/auth_util.c:make_user_info(200)
  made an encrypted user_info for steph (steph)
[2006/02/03 15:53:35, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: Checking password for unmapped user [GII]\[steph]@[ESSAI] with the new password interface
[2006/02/03 15:53:35, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password: mapped user is: [GII]\[steph]@[ESSAI]
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(231)
  check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(233)
  challenge is:
[2006/02/03 15:53:35, 5] lib/util.c:dump_data(1995)
  [000] 25 C6 28 63 8E 66 60 20 %.(c.f`
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(259)
  check_ntlm_password: guest had nothing to say
[2006/02/03 15:53:35, 8] lib/util.c:is_myname(1815)
  is_myname("GII") returns 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0

Here is my smb.conf:
---------------------------------
[global]
netbios name = samba-1
workgroup = GII
server string = %h server
wins support = yes
dns proxy = no
log file = /var/log/samba/log.%m
syslog=0
log level = 200
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
unix password sync = yes
passwd chat = "*Enter\snew\sUNIX\spassword:*" %n\n "*Retype\snew\sUNIX\spassword:*" %n\n "*"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
local master = yes
os level = 65
domain logons = yes
time server = yes
admin users = root
logon path = \\%L\profiles\%U
logon drive = W:
logon home = \\%L\%U\.win_profile
logon script = home.bat
add user script = /usr/sbin/useradd -d /home/%u -g users -s /bin/bash -m %u
delete user script = /usr/sbin/userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g

[ netlogon ]
path = /var/lib/samba/netlogon
writable = yes
browsable = yes

[ profiles ]
path = /home/samba-profiles
browsable = no
writable = yes
create mask = 0600
directory mask = 0700

[ homes ]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700

[ partage ]
path = /partage
comment = Partage commun a tous les utilisateurs
browsable = yes
writable = yes
create mask = 0777
directory mask = 0777