The Samba-Bugzilla – Bug 1151
ads problem with 'username map'
Last modified: 2005-11-14 09:26:49 UTC
Than 'security =ADS' is used, the 'username map' field will be ignored and no
mappings are done.
Are you really using 3.0.2 ? I fixed this in 3.0.1 and
got reports that it was working.
Please provide more details -- are you running
winbindd ? What does the username map look like ?
What about level 10 debug logs?
mail from firstname.lastname@example.org:
yes I'm using 3.0.2a.
You are right, I'm using winbindd. In regard to
the mapping file I tried nearly every simple constellation, like
'root = "Windows User"', 'root = win_user' or 'root = @WIN_Group'.
The last variant (windows group to user) I interested to use. I
have no level 10 log, but if really needed I will create one.
For now this issue is not critical for me because I'm using
the 'admin users' entry in smb.conf.
Please note I have tested 'username map' with 'winbind
default domain = yes', but this caused problems with the
ACLs (the secondary group information was not visible for
samba nad I got denies, but commands like group had worked).
This is by design. If nss_winbindd knows about the account
you will get that user. 'username map' should apply to real
unix accounts, not winbindd users.
Jeremy though it was a good idea to apply username map to every user.
fix is included in the patch for bug 1165 already checked into CVS.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.