Bug 1151 - ads problem with 'username map'
Summary: ads problem with 'username map'
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.2
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-02 17:59 UTC by Ralf
Modified: 2005-11-14 09:26 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ralf 2004-03-02 17:59:23 UTC
Than 'security =ADS' is used, the 'username map' field will be ignored and no
mappings are done.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-03-06 12:33:46 UTC
Are you really using 3.0.2 ?  I fixed this in 3.0.1 and 
got reports that it was working.

Please provide more details -- are you running 
winbindd ?  What does the username map look like ?  
What about level 10 debug logs?
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-03-11 08:32:40 UTC
mail from ralf.tomczak@bistromathic.com:

yes I'm using 3.0.2a. 

You are right, I'm using winbindd. In regard to 
the mapping file I tried nearly every simple constellation, like 
'root = "Windows User"', 'root = win_user' or 'root = @WIN_Group'. 
The last variant (windows group to user) I interested to use. I 
have no level 10 log, but if really needed I will create one. 
For now this issue is not critical for me because I'm using 
the 'admin users' entry in smb.conf.

Please note I have tested 'username map' with 'winbind 
default domain = yes', but this caused problems with the 
ACLs (the secondary group information was not visible for 
samba nad I got denies, but commands like group had worked). 
Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-03-15 12:55:40 UTC
This is by design.  If nss_winbindd knows about the account 
you will get that user.  'username map' should apply to real
unix accounts, not winbindd users.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2004-03-17 20:29:46 UTC
Jeremy though it was a good idea to apply username map to every user.
Comment 5 Gerald (Jerry) Carter (dead mail address) 2004-03-17 20:30:12 UTC
fix is included in the patch for bug 1165 already checked into CVS.
Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:17:03 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:26:49 UTC
database cleanup