Bug 4595 - username map not working between 3.0.24 and 3.0.25rc3
Summary: username map not working between 3.0.24 and 3.0.25rc3
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.25
Hardware: Sparc Solaris
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-05-05 13:17 UTC by Joe Adams
Modified: 2020-12-20 22:23 UTC (History)
0 users

See Also:


Attachments
Samba config file (3.79 KB, text/plain)
2007-05-05 13:32 UTC, Joe Adams
no flags Details
Kerberos config file (455 bytes, text/plain)
2007-05-05 13:35 UTC, Joe Adams
no flags Details
Logs during failure (358.47 KB, application/octet-stream)
2007-05-05 14:50 UTC, Joe Adams
no flags Details
Logs with successful connection (635.91 KB, application/octet-stream)
2007-05-05 14:52 UTC, Joe Adams
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Joe Adams 2007-05-05 13:17:22 UTC
Sorry if this bug is already out there. I searched and could not find a related bug report.

A username map operation works in 3.0.24 and does not work in 3.0.25rc3.

I built 3.0.25.rc3 on Solaris 9. I have successfully joined Samba to a Windows 2003 AD. I can successfully access shares with a Windows/Domain login name that matches a Unix login name. The successfull test Windows login name is "jdadams" or "gs\jdadams".

If I try to use username map to map a Windows/Domain login to a UNIX login, I get this message in the Samba Computer name log file:

[2007/05/05 10:42:41, 1] auth/auth_util.c:create_token_from_username(1110)
  sid_to_uid for jdadams (S-1-22-1-14229) failed

The test Windows/Domain login name = "jdadams-ou" or "gs\jdadams-ou"

The username map file contains this single line:

     jdadams = gs\jdadams-ou

The error message makes me think the mapping has occurred because "jdadams" and not "jdadams-ou" appears in the log file but something is breaking after the mapping occurs.

I was jumping from 3.0.12.rc1 to 3.0.25.rc3 so I had not tried 3.0.24 until I experienced this problem. I encounted the problem, built/installed 3.0.24, and used all the same config files and 3.0.24 worked first try.

Hope this helps 3.0.25 and does not distract.

I'm not looking for a fix any time soon. I'm going to run on 3.0.24.

Thanks,

Joe Adams
Denver, Colorado

Before building Samba, I built/installed these two packages into /usr/local

krb5-1.6.1
./configure
make install

openldap-2.3.32
CC=gcc ./configure  --disable-slapd --disable-backends --disable-overlays --disable-slurpd
make install

Samba config
./configure --with-included-popt --with-acl-support --with-ads --with-krb5=/usr/local
make install

bash-2.05# gcc --version
gcc (GCC) 3.4.2
Comment 1 Joe Adams 2007-05-05 13:32:51 UTC
Created attachment 2682 [details]
Samba config file
Comment 2 Joe Adams 2007-05-05 13:35:24 UTC
Created attachment 2683 [details]
Kerberos config file
Comment 3 Joe Adams 2007-05-05 14:50:19 UTC
Created attachment 2684 [details]
Logs during failure

GZIP tar file of the var sub-directory containing all logs with debug level 10 turned on. Hopefully these logs contain one failed connect attempt with Windows user name "jdadams-ou" failing to username map correctly to UNIX user name/id "jdadams".
Comment 4 Joe Adams 2007-05-05 14:52:51 UTC
Created attachment 2685 [details]
Logs with successful connection

GZIP tar file of the var sub-directory containing all logs with debug level 10 turned on. This is the same var logs directory containing the failed username map attempt followed by a success connection with the non-mapped Windows username of "jdadams".
Comment 5 Simo Sorce 2007-06-10 15:21:31 UTC
Joe, I think rhis works in 3.0.25a, any chance you can test and report if it is still a problem for you?
Comment 6 Joe Adams 2007-06-11 10:12:39 UTC
Will do. Will try to complete testing this week.
Comment 7 Björn Jacke 2020-12-20 22:23:23 UTC
I think this works these days, right?