Client usernames on an SMB network can be relatively large (up to 255 characters), while usernames on a Unix network often cannot be larger than eight characters. This means that an individual user may have one username on a client and another (shorter) one on the Samba server. You can get past this issue by mapping a free-form client username to a Unix username of eight or fewer characters. The mapping is placed in a standard text file, using a format that we'll describe shortly. You can then specify the pathname of that file to Samba with the global username map option. Be sure to restrict access to this file; make the root user the file's owner and deny write access to others. Otherwise, an untrusted user who can modify the file can easily map their client username to the root user of the Samba server.
You can specify this option as follows:
[global]
username map = /etc/samba/usermap.txt
Each of the entries in the username map file should be listed as follows: the Unix username, followed by an equal sign (=), followed by one or more whitespace-separated SMB client usernames. Note that unless instructed otherwise (i.e., a guest connection), Samba will expect both the client and the server user to have the same password. You can also map NT groups to one or more specific Unix groups using the @ sign. Here are some examples:
jarwin = JosephArwin
manderso = MarkAnderson
users = @account
Also, you can use the asterisk to specify a wildcard that matches any free-form client username as an entry in the username map file:
nobody = *
Comments in the file can be specified as lines beginning with (#) and (;).
Note that you can also use this file to redirect one Unix user to another user. Be careful if you do so because Samba and your client may not notify the user that the mapping has been made and Samba may be expecting a different password.
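The following Python script is an added example, not code from the original page or from Samba. It parses a map file using only the syntax described above, reports every client name, NT group or wildcard that maps to root, and checks that the file is owned by root and not writable by group or others. The sample map contents and all function names are constructed for illustration.

```python
import os
import stat

# Constructed sample map, not taken from a real server.
SAMPLE = """\
# constructed sample map
jarwin = JosephArwin
manderso = MarkAnderson
users = @account
; the audit below should flag the next entry
root = SomeClientUser
nobody = *
"""

def parse_username_map(text):
    """Return [(unix_name, [client_names])] using only the syntax described above."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        unix_name, sep, clients = line.partition("=")
        if sep:                              # lines without '=' are not entries
            entries.append((unix_name.strip(), clients.split()))
    return entries

def audit_entries(entries):
    """Report every client name, NT group or wildcard that maps to root."""
    return ["%s maps to root" % c
            for unix_name, clients in entries if unix_name == "root"
            for c in clients]

def audit_permissions(uid, mode):
    """Check that the owner is root and nobody but the owner can write."""
    findings = []
    if uid != 0:
        findings.append("owner uid is %d, expected 0 (root)" % uid)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("mode %04o is writable by group or others" % stat.S_IMODE(mode))
    return findings

def audit_file(path):
    """Run both checks against one open handle so they describe the same file."""
    with open(path) as fh:
        st = os.fstat(fh.fileno())
        entries = parse_username_map(fh.read())
    return audit_permissions(st.st_uid, st.st_mode) + audit_entries(entries)

if __name__ == "__main__":
    for finding in audit_entries(parse_username_map(SAMPLE)):
        print(finding)
```

To audit a live server, call audit_file() with the path given in the username map option, for example /etc/samba/usermap.txt.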