stephane durieux
2006-Feb-05 00:12 UTC
[Samba] newbie : mapping problem between linux and samba users
Hello
I have a mapping problem between linux and samba users
logged as a domain user steph under windows, I try to update the
password but a message like
"you don't have the right to do that operation" appeals.
Logged as root I can do it.
When I dismiss the synchronisation between linux and windows users,
it works !!
I have also noticed that I can only make mapping between pre defined
windows
with "net groupmap set" and not "net groupmap add sid= unixgroup=
"
which started to fail each time.
(don t know if it s a normal behaviour)
So I have though it was due to a problem in my tdb database file and I
run a check tools giving no problem.
So I put here my mappings :
------------------------------------------------
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3113648812-2111614216-3829755549-512) -> root
Domain Guests (S-1-5-21-3113648812-2111614216-3829755549-514) -> -1
Power Users (S-1-5-32-547) -> users
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-3113648812-2111614216-3829755549-513) -> users
the logs I have obtained (noticing there is a problem with a share
secret between the window host and the server but which secret ? a
secret for trusted domain ?????? no relation with my problem !!!) :
[[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info_map(224)
make_user_info_map: Mapping user [GII]\[steph] from workstation [ESSAI]
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/02/03 15:53:35, 5] auth/auth_util.c:is_trusted_domain(1560)
is_trusted_domain: Checking for domain trust with [GII]
[2006/02/03 15:53:35, 5]
passdb/secrets.c:secrets_fetch_trusted_domain_password(333)
secrets_fetch failed!
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 10] lib/gencache.c:gencache_get(285)
Cache entry with key = TDOM/GII couldn't be found
[2006/02/03 15:53:35, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
no entry for trusted domain GII found.
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(132)
attempting to make a user_info for steph (steph)
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(142)
making strings for steph's user_info struct
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(184)
making blobs for steph's user_info struct
[2006/02/03 15:53:35, 10] auth/auth_util.c:make_user_info(200)
made an encrypted user_info for steph (steph)
[2006/02/03 15:53:35, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[GII]\[steph]@[ESSAI] with the new password interface
[2006/02/03 15:53:35, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [GII]\[steph]@[ESSAI]
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(231)
check_ntlm_password: auth_context challenge created by NTLMSSP
callback (NTLM2)
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(233)
challenge is:
[2006/02/03 15:53:35, 5] lib/util.c:dump_data(1995)
[000] 25 C6 28 63 8E 66 60 20 %.(c.f`
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: guest had nothing to say
[2006/02/03 15:53:35, 8] lib/util.c:is_myname(1815)
is_myname("GII") returns 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
here is my smb.conf
---------------------------------
[global]
netbios name = samba-1
workgroup = GII
server string = %h server
wins support = yes
dns proxy = no
log file = /var/log/samba/log.%m
syslog=0
log level = 200
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
unix password sync = yes
passwd chat = "*Enter\snew\sUNIX\spassword:*" %n\n
"*Retype\snew\sUNIX\spassword:*" %n\n "*"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
local master = yes
os level = 65
domain logons = yes
time server = yes
admin users = root
logon path = \\%L\profiles\%U
logon drive = W:
logon home = \\%L\%U\.win_profile
logon script = home.bat
add user script = /usr/sbin/useradd -d /home/%u -g users -s /bin/bash
-m %u
delete user script = /usr/sbin/userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
[ netlogon ]
path = /var/lib/samba/netlogon
writable = yes
browsable = yes
[ profiles ]
path = /home/samba-profiles
browsable = no
writable = yes
create mask = 0600
directory mask = 0700
[ homes ]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
[ partage ]
path = /partage
comment = Partage commun a tous les utilisateurs
browsable = yes
writable = yes
create mask = 0777
directory mask = 0777
Possibly Parallel Threads
Wisdom of the Ancients
