Re: [Samba] 3.0.25 breaks "username map"?
On Tue, 2007-05-22 at 11:09 +1200, Jason Haar wrote: > Christian Perrier wrote: > > Quoting Jason Haar ([EMAIL PROTECTED]): > > > >> Hi there > >> > >> I was using "username map" under 3.0.24 so that when I connected from > >> DOM\jhaar under (ADS Win2K3) Windows, it was mapped to my local "jhaar" > >> Unix account - with homedir "/home/jhaar", etc. > >> > > > > That sounds like samba bug #4620 > > (https://bugzilla.samba.org/show_bug.cgi?id=4620) > > ... > > Do you use "security=server"? The problem should disappear if you > > switch to "security=domain". > > > > > Sorry - it's "security=ADS". I saw that bug report before and didn't > think it applied to me as we're not using "security=server" Jason I think we have fixed this problem in SAMBA_3_0_25 (commit r23049) and the fix will be in 3.0.25a. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.25 breaks "username map"?
Christian Perrier wrote: > Quoting Jason Haar ([EMAIL PROTECTED]): > >> Hi there >> >> I was using "username map" under 3.0.24 so that when I connected from >> DOM\jhaar under (ADS Win2K3) Windows, it was mapped to my local "jhaar" >> Unix account - with homedir "/home/jhaar", etc. >> > > That sounds like samba bug #4620 > (https://bugzilla.samba.org/show_bug.cgi?id=4620) > ... > Do you use "security=server"? The problem should disappear if you > switch to "security=domain". > > Sorry - it's "security=ADS". I saw that bug report before and didn't think it applied to me as we're not using "security=server" -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.25 breaks "username map"?
Quoting Jason Haar ([EMAIL PROTECTED]): > Hi there > > I was using "username map" under 3.0.24 so that when I connected from > DOM\jhaar under (ADS Win2K3) Windows, it was mapped to my local "jhaar" > Unix account - with homedir "/home/jhaar", etc. That sounds like samba bug #4620 (https://bugzilla.samba.org/show_bug.cgi?id=4620) and Debian bug #424046 (http://bugs.debian.org/424046). Yes, even if you don't use Debian...;-) While, as far as I know, the bug submitter did not mention in #4620 whether (s)he uses "username map", this is really really similar.. Do you use "security=server"? The problem should disappear if you switch to "security=domain". -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.25 breaks "username map"?
Hi there I was using "username map" under 3.0.24 so that when I connected from DOM\jhaar under (ADS Win2K3) Windows, it was mapped to my local "jhaar" Unix account - with homedir "/home/jhaar", etc. However, when I upgraded to 3.0.25, I started getting NT_STATUS_LOGON_FAILURE errors - even when just trying to list the shares. This occurred using smbclient as well as Windows clients. Ends up it was that "username map" wasn't working correctly. It appears to be that when DOM\jhaar connects, it generates the following error: [2007/05/21 13:18:11, 10] passdb/lookup_sid.c:lookup_name(64) lookup_name: Unix User\jhaar => Unix User (domain), jhaar (name) [2007/05/21 13:18:11, 10] lib/util_pw.c:getpwnam_alloc(76) Got jhaar from pwnam_cache [2007/05/21 13:18:11, 5] passdb/lookup_sid.c:sid_to_uid(1401) winbind failed to find a uid for sid S-1-22-1-500 [2007/05/21 13:18:11, 1] auth/auth_util.c:create_token_from_username(1110) sid_to_uid for jhaar (S-1-22-1-500) failed [2007/05/21 13:18:11, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(131) create_local_token failed [2007/05/21 13:18:11, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE The Unix account "jhaar" indeed has a UID of 500. If I remove the account from the "username map" file, then the problem disappears - although of course I can no longer connect to my homedir as the UIDs of "jhaar" cf. "DOM\jhaar" are different :-/ I have tried this with a couple of other domain accounts (I created Unix versions of the usernames) and the same thing occurs. If they are not in the "username map" file, they work - otherwise they don't. Has the format of "username map" changed? I currently have "jhaar=DOM\jhaar" and that worked under 3.0.24 and previous. I have rolled back to 3.0.24 and the problem disappears - so it's something in 3.0.25 fer shure... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba