The Samba-Bugzilla – Bug 5035
Username Mapping is Broken
Last modified: 2007-10-23 17:03:24 UTC
The user name mapping function in version is broken.
In version 2.2.8 samba used the users.map file to map the UNIX name to the Windows name.
In version 3, the file does not work. Samba does not validate the user. It asks for a user name and password and no combination of user name and password works.
Please make sure to read the section on username mapping in
the WHATSNEW.txt. I do not see any unexpected failure cases
regarding username maps or the username map script options.
I have looked at WHATSNEW.txt. There is no specific section on username mapping. The documentation I can find says that the "username mapping" variable in smb.conf is still supported. I can find no way to map a pc id to a unix id without samba asking for a username and passwod when trying to connect to a share.
Maybe this doesn't pertain to you but there certainly is information in
the release notes about username mapping. From the section regarding
Change in Username Map
Previous Samba releases would only support reading the fully qualified
username (e.g. DOMAIN\user) from the username map when performing a
Kerberos login from a client. However, when looking up a map
entry for a user authenticated by NTLM[SSP], only the login name would be
used for matches. This resulted in inconsistent behavior sometimes
even on the same server.
Samba 3.0.8 obeys the following rules when applying the username
* When performing local authentication, the username map is
applied to the login name before attempting to authenticate
* When relying upon a external domain controller for validating
authentication requests, smbd will apply the username map
to the fully qualified username (i.e. DOMAIN\user) only
after the user has been successfully authenticated.
In any case, there's not enough information in your original report to
make an educated guess on. Please attach your smb.conf file at a minimum.
I changed the map file to DOMAIN\userid and that fixed the problem.
Thanks for the help.