Bug 3993 - force user is assigning to domain user not unix user
Summary: force user is assigning to domain user not unix user
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.23a
Hardware: x86 Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-08-02 16:03 UTC by Adam Benjamin
Modified: 2006-08-06 13:51 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Benjamin 2006-08-02 16:03:58 UTC
I don't know when the behavior changed as I had been away for two weeks, but I noticed the problem after I recently upgraded.  I'm a Fedora Core 4 user running Version: 3.0.23a, Release: 1.fc4.1

I use winbind to connect to our domain via security = ads

In order to have my domain user permitted to read/write/etc to my linux box, I used force user = username   Until recently that was working just fabulously.

What I've noticed now is that foce user's behavior is such that it is mapping "force user = username" to ADDOMAIN+username instead of the local UNIX account.  I've tried this with a few different "username" choices - and if the AD account name exists, it uses that instead of the local user.  I would be fine if there was a way to say \username to get the local account, or some other control sequence to ensure use of the local account - but I don't see how to do that... and it's a change in the behavior.  (ie. it *was* working)

I can provide my whole smb.conf, but I don't think it will make a difference.  The windbind stuff is configured as follows:

winbind separator = +
idmap uid = 30000-90000
idmap gid = 30000-90000 
winbind enum users = yes 
winbind enum groups = yes

Here's an example share that doesn't work as per normal:

[tmp]
        comment = testing
        browseable = yes
        public = no
        writable = yes
        force user = username
        valid users = ADDOMAIN+username
        path = /tmp

Help?

Thanks,

Adam Benjamin
Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-08-06 13:51:20 UTC
This should be fixed in SAMBA_3_0_23 now (for the upcoming 3.0.23b release).
Please test.