I have successfully joined a samba 3.0.1rc server with security=ads to a W2k AD-Server. Connecting to a share works fine. Our testuser has in AD a different username than on Unix (NIS). Therefore we use a username map.

This is the log when connecting to the share:

NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2003/10/30 08:34:38, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286)
  Got user=[maurerh] domain=[DLR] workstation=[ADRMPC042] len1=24 len2=24

When I try to connect to the computer with the MS Snap-In "Admin-Computer" (Computer verwalten in German), access is denied and samba logs the following:

NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2003/10/29 16:34:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(385)
  Got OID 1 2 840 48018 1 2 2
[2003/10/29 16:34:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(385)
  Got OID 1 2 840 113554 1 2 2
[2003/10/29 16:34:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(385)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2003/10/29 16:34:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(388)
  Got secblob of size 1270
[2003/10/29 16:34:42, 3] smbd/sesssetup.c:reply_spnego_kerberos(178)
  Ticket name is [maurerh@INTRA.DLR.DE]
[2003/10/29 16:34:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(218)
  Username maurerh is invalid on this system
[2003/10/29 16:34:42, 3] smbd/error.c:error_packet(94)

If I create the local user maurerh on the Linux machine it works and I can connect.

[root@rmcs01 pam.d]# more /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
maurer = maurerh

[root@rmcs01 /root]# testparm | grep map
username map = /etc/samba/smbusers
map archive = No
marked against 3.0.1pre1. Patch uploaded. Please test and let me know. Thanks.
Created attachment 239: apply username map to krb logins
I'm pretty sure this is ok. Checking it in to CVS since I'm an impatient person and like to close out bugs. :-)
I believe that this bug has not quite been fixed yet. The patch of 2003-11-04 (now incorporated into samba-3.0.1pre2) does attempt to map the user, but it fails to strip the lp_winbind_separator from the mapped username. Changing line 975 (of 3.0.1pre2) from fstrcpy( mapped_username, p ); to fstrcpy( mapped_username, p+1 ); should resolve this problem.
Forgot to add above, the file in question is auth/auth_util.c, and the function is smb_getpwnam.
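The off-by-one described in the two comments above, as an added illustration (not Samba's code and not the attached patch). The helper names, the in-memory map and the DOMAIN\user input are assumptions; the map entries are taken from the reporter's smbusers file.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the reporter's /etc/samba/smbusers entries. */
struct map_entry { const char *unix_name; const char *smb_name; };
static const struct map_entry USER_MAP[] = {
    { "root",   "administrator" },
    { "nobody", "guest" },
    { "maurer", "maurerh" },
};

/* Hypothetical helper: Unix name mapped to smb_name, or NULL if no entry. */
static const char *lookup_map(const char *smb_name)
{
    for (size_t i = 0; i < sizeof(USER_MAP) / sizeof(USER_MAP[0]); i++)
        if (strcmp(USER_MAP[i].smb_name, smb_name) == 0)
            return USER_MAP[i].unix_name;
    return NULL;
}

/*
 * Hypothetical helper: split "DOMAIN<sep>user" and map the user part.
 * skip_sep = 0 copies from p (separator kept, as in the comment above);
 * skip_sep = 1 copies from p + 1. Returns 1 if a map entry matched.
 * out receives the name that would then be looked up as a Unix account.
 */
static int map_domain_user(const char *domuser, char sep, int skip_sep,
                           char *out, size_t outlen)
{
    const char *p = strchr(domuser, sep);
    const char *user = p ? (skip_sep ? p + 1 : p) : domuser;
    const char *mapped = lookup_map(user);

    snprintf(out, outlen, "%s", mapped ? mapped : user);
    return mapped != NULL;
}

int main(void)
{
    char name[64];
    int hit = map_domain_user("DLR\\maurerh", '\\', 0, name, sizeof(name));
    printf("copy from p:     lookup \"%s\" (map hit: %d)\n", name, hit);
    hit = map_domain_user("DLR\\maurerh", '\\', 1, name, sizeof(name));
    printf("copy from p + 1: lookup \"%s\" (map hit: %d)\n", name, hit);
    return 0;
}
```

With the separator left in place the map is searched for "\maurerh", no entry matches, and the account lookup fails in the same way as the "Username maurerh is invalid on this system" case in the original report.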
This was my goof. Already fixed in the CVS tree (a few hours after 3.01.pre2). Sorry.
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
database cleanup