Yeah, that solved the problem for valid users. Thanks.
However, I now have a different problem. The same kind of logic should apply to the username map, right? But it doesn't seem to.
smb.conf: ********************************************************************************************************* [global]
workgroup = EDSADDDM realm = EDSADDDM.DDM.APM.BPM.EDS.COM
server string = Maul Test Server
log level = 2
max log size = 100
security = ADS
local master = no
os level = 0
domain master = no
preferred master = no
wins server = 199.42.192.103 dns proxy = no
encrypt passwords = yes
idmap uid = 60000-70000 idmap gid = 80000-90000
winbind enum users = yes winbind enum groups = yes
winbind separator = +
winbind use default domain = no
username map = /opt/samba/lib/username.map
[space] comment = Space Partition Share path = /space writable = yes browsable = yes *********************************************************************************************************
username.map:
********************************************************************************************************* !grega = "EDSADDDM+imguser" *********************************************************************************************************
If I map the share from my Windows XP client as EDSADDDM\imguser, it doesn't do the mapping. I get the following messages in log.smbd: ********************************************************************************************************* [2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. open_sockets_smbd: accept: Software caused connection abort [2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/14 09:57:40, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [imguser] -> [imguser] -> [EDSADDDM+imguser] succeeded [2004/10/14 09:57:40, 1] smbd/service.c:make_connection_snum(648) mule (199.42.192.45) connect to service space initially as user EDSADDDM+imguser (uid=60001, gid=80000) (pid 25694) *********************************************************************************************************
and if I create a new file it gets the following ownership/permission:
********************************************************************************************************* # ls -l /space/tmp total 0 -rwxr--r-- 1 nobody EDSADDDM+Domain Users 0 Oct 14 09:59 New Text Document.txt *********************************************************************************************************
However, if I change username.map to the following and restart Samba:
********************************************************************************************************* !grega = "imguser" *********************************************************************************************************
The username map does what I think it should... The permissions on the created file are as follows:
********************************************************************************************************* # ls -l /space/tmp total 0 -rwxr--r-- 1 grega eng 0 Oct 14 10:01 New Text Document.txt *********************************************************************************************************
So... it appears that the username map is not using the domain information.
I do believe it should... Could you provide 'log level = 10' from the moment 'EDSADDDM+imguser' logs in and till it creates a file? This should be logs for the '!grega = "EDSADDDM+imguser"' line in the map file.
Thanks, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
