It turned out that the Windows ID was 9 characters and for some reason the
Unix system was truncating it. I'm guessing that it is because the Unix box
has a 8 character ID limit. We changed the Windows ID to 7 characters and
everything worked.
JC
------ Original Message ------
Received: Wed, 08 Aug 2007 05:10:15 PM EDT
From: "JESSE CARROLL" <jesse-carroll@usa.net>
To: <samba@lists.samba.org>
Subject: username map
Forgive me for being new - but you've got start somewhere.
I've setup SAMBA on a Unix server that talks to AD. Almost everything works
save for a user name map. From my configuration (names changed)below I can
attach from windusr1 on PC1 to the Unix system and it sets up as unxusr1 no
problems and clean. I can access all three shares. However, when I try to do
the same thing from PC2 for appusrwin I am prompted for a name/password. No
matter what I put in (windows ID/password or Unix ID/password, or
combinations
of these)I can't connect. The message in the log.smbd is
"domain_client_validate: unable to validate password for user appusru in
domain XXXGLOBAL to Domain controller USORSDC00. Error was
NT_STATUS_NO_SUCH_USER." Note that in reality the Unix ID and Windows are
very similar, with the difference being that the Windows ID is the same as
the
Unix ID but with 2 more characters. What am I doing incorrectly?
::::::::::::::
smb.conf
::::::::::::::
[global]
security = domain
workgroup = XXXGLOBAL
netbios name = unix01
password server = adserver01, adserver02
domain master = no
local master = no
preferred master = no
username map = /usr/local/samba/lib/smb.users
[homes]
writeable = yes
# +sysadmin is a Unix group which unxusr1 is a member
valid users = +sysadmin
wide links = no
[trax]
path = /var/data_files
writeable = yes
valid users = unxusr1, appusru
wide links = no
[test]
path = /var/tmp
writeable = yes
valid users = unxusr1, appusru
wide links = no
::::::::::::::
smb.users
::::::::::::::
unxusr1 = XXXGLOBAL\windusr1
appusru = XXXGLOBAL\appusrwin
