RE: [Samba] Retry: Mapping AD domain users to UNIX users - Samba

This is a discussion on RE: [Samba] Retry: Mapping AD domain users to UNIX users - Samba ; Further information: Someone suggested that the problem might be because of the AD user names being uppercase, which could be resolved with a usermap file. There are some AD user IDs that are uppercase (whereas all the UNIX ones are ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: RE: [Samba] Retry: Mapping AD domain users to UNIX users

  1. RE: [Samba] Retry: Mapping AD domain users to UNIX users

    Further information:

    Someone suggested that the problem might be because of the AD user names
    being uppercase, which could be resolved with a usermap file. There are
    some AD user IDs that are uppercase (whereas all the UNIX ones are
    lowercase). However, I thought that the automatic mapping took care of
    that? Also, I wanted to avoid having an explicit usermap file as that's
    one extra thing to manage. Maybe I'm expecting too much of Samba?

    I tried configuring for a usermap file and adding an account mapping
    into it. However, the security properties on the Windows side still
    display the account in the form:

    u123456 (Unix User\u123456)

    Regards,
    Nigel

    ----------------------------------------
    Nigel Pain
    The Scottish Government
    Corporate Systems Support
    Information Systems and Information Services (ISIS)
    Victoria Quay
    EDINBURGH
    EH6 6QQ
    UK


    ************************************************** ******

    This e-mail (and any files or other attachments transmitted with it) is intended solely for the attention of the addressee(s). Unauthorised use, disclosure, storage, copying or distribution of any part of this e-mail is not permitted. If you are not the intended recipient please destroy the email, remove any copies from your system and inform the sender immediately by return.



    Communications with the Scottish Government may be monitored or recorded in order to secure the effective operation of the system and for other lawful purposes. The views or opinions contained within this e-mail may not necessarily reflect those of the Scottish Government.

    ************************************************** ******


    The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless in partnership with MessageLabs. (CCTM Certificate Number 2007/11/0032.) On leaving the GSi this email was certified virus free.
    Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Retry: Mapping AD domain users to UNIX users

    Hi

    with recent (< =3.0.26 I think) samba Versions it is possible to use

    http://us3.samba.org/samba/docs/man/...map_nss.8.html

    idmap domains = DOMNAME
    idmap config DOMNAME:backend = nss
    idmap config DOMNAME:readonly = yes

    in our case.

    We are running 3.0.28 in security = ADS,
    and Linux gets the same usernames from NIS vis nss.

    They are correctly mapped , and zhe windows security dialog shows
    DOMNAME\username

    Regards

    Hansjörg




    Nigel.Pain@scotland.gsi.gov.uk wrote:
    > Further information:
    >
    > Someone suggested that the problem might be because of the AD user names
    > being uppercase, which could be resolved with a usermap file. There are
    > some AD user IDs that are uppercase (whereas all the UNIX ones are
    > lowercase). However, I thought that the automatic mapping took care of
    > that? Also, I wanted to avoid having an explicit usermap file as that's
    > one extra thing to manage. Maybe I'm expecting too much of Samba?
    >
    > I tried configuring for a usermap file and adding an account mapping
    > into it. However, the security properties on the Windows side still
    > display the account in the form:
    >
    > u123456 (Unix User\u123456)
    >
    > Regards,
    > Nigel
    >
    > ----------------------------------------
    > Nigel Pain
    > The Scottish Government
    > Corporate Systems Support
    > Information Systems and Information Services (ISIS)
    > Victoria Quay
    > EDINBURGH
    > EH6 6QQ
    > UK
    >
    >
    > ************************************************** ******
    >
    > This e-mail (and any files or other attachments transmitted with it) is intended solely for the attention of the addressee(s). Unauthorised use, disclosure, storage, copying or distribution of any part of this e-mail is not permitted. If you are not the intended recipient please destroy the email, remove any copies from your system and inform the sender immediately by return.
    >
    >
    >
    > Communications with the Scottish Government may be monitored or recorded in order to secure the effective operation of the system and for other lawful purposes. The views or opinions contained within this e-mail may not necessarily reflect those of the Scottish Government.
    >
    > ************************************************** ******
    >
    >
    > The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless in partnership with MessageLabs. (CCTM Certificate Number 2007/11/0032.) On leaving the GSi this email was certified virus free.
    > Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
    >


    --
    __________________________________________________ _______________

    Deutsches Zentrum fuer Luft- und Raumfahrt e.V.
    in der Helmholtz-Gemeinschaft

    Institut fuer Robotik und Mechatronik

    Dr. Hansjörg Maurer

    LAN- und Systemmanager

    Münchner Strasse 20
    82234 Wessling
    Germany

    Telefon: 08153/28-2431
    Telefax: 08153/28-1134

    E-Mail: Hansjoerg.Maurer@dlr.de
    Internet: http://www.robotic.dlr.de/

    __________________________________________________ ________________


    There are 10 types of people in this world,
    those who understand binary and those who don't.

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread