I tried to send a level 10 log from the moment of connection to the user that should be mapped touching a file, but the attachment was too large and the messages bounced, awaiting moderator approval. So instead, I'll try to post the sections I think are relevant here:
searching for spnego and username.map led me to this section: ********************************************************************************************************* [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 1 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24 len2=24 [2004/10/18 08:19:25, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) auth_context challenge set by NTLMSSP callback (NTLM2) [2004/10/18 08:19:25, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) challenge is: [2004/10/18 08:19:25, 5] lib/util.c:dump_data(1835) [000] C7 63 4B 45 C2 48 96 F8 .cKE.H.. [2004/10/18 08:19:25, 6] param/loadparm.c:lp_file_list_changed(2681) lp_file_list_changed() file /opt/samba/lib/smb.conf -> /opt/samba/lib/smb.conf last mod_time: Mon Oct 18 07:57:06 2 004 [2004/10/18 08:19:25, 4] lib/username.c:map_username(132) Scanning username map /opt/samba/lib/username.map [2004/10/18 08:19:25, 10] lib/username.c:user_in_list(529) user_in_list: checking user imguser in list [2004/10/18 08:19:25, 10] lib/username.c:user_in_list(533) user_in_list: checking user |imguser| against |EDSADDDM+imguser| [2004/10/18 08:19:25, 10] lib/username.c:user_in_list(610) user_in_list: checking if user |imguser| is in winbind group |EDSADDDM+imguser| [2004/10/18 08:19:26, 5] auth/auth_util.c:make_user_info_map(225) make_user_info_map: Mapping user [EDSADDDM]\[imguser] from workstation [MULE] [2004/10/18 08:19:26, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = TDOM/EDSADDDM, value = S-1-5-21-764805150-3330113275-14862 79211, timeout = Mon Oct 18 08:24:08 2004 ********************************************************************************************************* >From "checking user |imguser| against |EDSADDDM+imguser|", when EDSADDDM+imguser is in my username.map, it would appear that the domain (EDSADDDM) is not being passed. How can I tell from the level 10 log if I'm using NTLM or Kerberos authentication? Specifically, what can I search through the log for in order to find a section to post? Thanks for all your help. Greg On Wed, 20 Oct 2004 10:42:12 -0500, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Greg Adams wrote: > | I'm sorry, I still don't quite follow you. > | > | I have "security = ads", and, as far as I can tell, > | a working kerberos installation, so that means I'm > | using kerberos authentication, right? > > Correct. > > | From the messages above, that means samba should > | be honoring the domain portion of entries in the > | username map, which it is not doing. Or am I > | using NTLM authentication for some weird reason? > > smbd should be honoring entries like > > jerry = AD\gcarter > > You can check a level 10 smbd debug log to verify that > the krb5 SNPEGO login is working. > > I'll work on getting the NTLM/username map functionality fixed. > > > cheers, jerry > - --------------------------------------------------------------------- > Alleviating the pain of Windows(tm) ------- http://www.samba.org > GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc > "If we're adding to the noise, turn off this song"--Switchfoot (2003) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFBdodUIR7qMdg1EfYRAsoNAKDfDj12mHbQtIByveM8h5GMhYJK2QCfeo9g > HmSadb1FMvxE59cwtY+BcjA= > =V897 > -----END PGP SIGNATURE----- > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
