I have samba 3.0.23a running on gentoo linux with AD domain authentication. I have smbusers set up and some of domain users mapped to local users. After the upgrade from 3.0.23 it seems that samba gets confused who the domain user is in case when domain username is the same as local's. relevant samba log entry: [2006/08/01 16:48:17, 1] smbd/service.c:make_connection_snum(941) 10.0.0.35 (10.0.0.35) connect to service leszek initially as user leszek (uid=45085, gid=45001) (pid 29943) leszek is local username. domain one was DOMAIN\leszek which is mapped to leszek in smbusers. it seems that uid that is assigned comes from domain ids and not from local ids.
Can you post your smb.conf and more details on your setup please. Jeremy.
ok here it goes: [global] dos charset = 852 unix charset = ISO8859-2 display charset = ISO8859-2 workgroup = WORKGROUP realm = DOMAINNAME security = ADS map to guest = Bad User password server = PASSSERVER username map = /etc/samba/smbusers log level = 2 log file = /var/log/samba/log.%m max log size = 50 unix extensions = No max open files = 1000 socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768 load printers = No ldap ssl = no idmap uid = 45000-60000 idmap gid = 45000-60000 comment = Linux Samba server case sensitive = No [homes] comment = Katalog domowy read only = No browseable = No [samba] comment = samba mia path = /opt/samba admin users = doli read only = No guest ok = Yes [archive] comment = Archive path = /big/archive valid users = @archive, DOMAIN\name, DOMAIN\name... admin users = doli, leszek force group = archive read only = No create mask = 0740 force create mode = 0740 browseable = No and part of smbusers: doli = DOMAIN\bartek leszek = DOMAIN\leszek wuda = DOMAIN\karol these users in local group 'archive' (/etc/group) before the change the way it worked: - domain users that are in valid users list are not mapped to local users. they just get access to archive. - domain user karol gets mapped to local user wuda, gets archive group assigned, therefore he gets access to archive - domain user bartek gets connected as local user doli, gets archive group assigned, becomes admin of archive - domain user leszek gets connected as local user leszek, gets archive group assigned and becomes admin of archive now, the latest option stopped working.
I think this is fixed in 3.0.23b (to be relese soon). Please test the current SAMBA_3_0_RELEASE svn branch if possible. Also available at rsync://rsync.samba.org/ftp/unpacked/samba_3_0_release
i have tested last release (b) the problem seems to go away BUT there is a new one! it seems that the part allowing local user group to access archive does not work anymore. doli is in local group archive, and is being mapped from domain user bartek. doli is allowed to access to archive (@archive) + he is admin user of that share. but it stopped working properly. i have to put allow = doli to let doli log in. if i don't - i get 'user doli is not permitted to access this share' error. any ideas?
Please see the patch at http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v3.patch