Dear all

I am trying to configure the Samba username map file in order to map the same user from a Windows domain to 2 different Unix users:

Map to = map from

bea = PRODUCTION\garcijo
mpcadmin = PRODUCTION\garcijo

but it only works for the first map in the map file. When I try to use a share with permissions for the mpcadmin Unix user, I realize that smbd takes the first map (bea user) and then it makes the authentication with the user PRODUCTION\garcijo. Then it checks whether user bea has permissions to that share, which it does not, and it eventually fails. I tried to put an exclamation mark at the beginning of the map but it does not work either.

I did not find any way to fix it. Any ideas? Any workaround?

Any help will be much appreciated.

Regards,

IT Infrastructure & Operations Service // ITD - OHIM
Services Provided by
Jordi GARCIA - OPERATIONS Unix Admin
FUJITSU SERVICES
E-mail: Jordi.GARCIA at oami.europa.eu
Phone: Fixed #9777 - Mobile #5777

**********************************************************************************************
IMPORTANT: This message is intended exclusively for information purposes. It cannot be considered as an official OHIM communication concerning procedures laid down in the Community Trade Mark Regulations and Designs Regulations. It is therefore not legally binding on the OHIM for the purpose of those procedures.
The information contained in this message and attachments is intended solely for the attention and use of the named addressee and may be confidential. If you are not the intended recipient, you are reminded that the information remains the property of the sender. You must not use, disclose, distribute, copy, print or rely on this e-mail. If you have received this message in error, please contact the sender immediately and irrevocably delete or destroy this message and any copies.
**********************************************************************************************

I suspect that the problem is that Samba is looking up the Windows name and simply mapping to the first instance it finds. A work-around would be to use the "force user" setting on the share. Allow garcijo access then force the user to be mpcadmin.

You may also want to consider your strategy for setting permissions. Why bother with Unix accounts when Windows accounts can do what you want? Open up the share to a larger Unix group but set the Windows permissions to just give access to the person you want.
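
The "force user" workaround suggested in the reply above, written out as an smb.conf share definition. This is an added example, not part of the original messages; the share name [mpc] and the path are hypothetical, and the DOMAIN\user form assumes the default winbind separator.

```ini
# Added example: share name and path are hypothetical placeholders.
# The username map file keeps a single line for this Windows account:
#   bea = PRODUCTION\garcijo

[mpc]
    path = /srv/samba/mpc

    # Connection gate: only this domain account may open the share.
    # The client still authenticates with its own Windows credentials.
    valid users = PRODUCTION\garcijo

    # After authentication, every file operation on this share is
    # performed as the Unix user mpcadmin, whatever the map file says.
    force user = mpcadmin

    read only = no
```

Because everyone admitted to the share acts as mpcadmin, "valid users" is the only control on who receives that identity, so keep the list as narrow as the share requires. File ownership on disk will show mpcadmin for every change, so per-user attribution has to come from Samba's own logs.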

Hi Gary

Thanks for the quick answer. The first solution works fine and it is right for me. But indeed, what I want to set is group mappings instead of user mappings. In order to do that I created a share with a determined Unix group and I map a Windows group to that Unix group following the instructions given in the link below. Then, I add my Windows user to the Windows group, but it does not work. Is it as simple as this? Do I need to use "force group"?

http://samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html

Thanks in advance,

IT Infrastructure & Operations Service // ITD - OHIM
Services Provided by
Jordi GARCIA - OPERATIONS Unix Admin
FUJITSU SERVICES

-----Original Message-----
From: Gary Dale [mailto:garydale at rogers.com]
Sent: 29 September 2009 17:39
Cc: samba at lists.samba.org
Subject: Re: [Samba] Mapping usernames