- Default: username map = # no username map
- Example: username map = /usr/local/samba/lib/users.map
Samba versions prior to 3.0.8 would only support reading the fully qualified username (e.g.: DOMAIN\user) from the username map when performing a kerberos login from a client. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent behavior sometimes even on the same server.
The following functionality is obeyed in version 3.0.8 and later:
- When performing local authentication, the username map is applied to the login name before attempting to authenticate the connection.
- When relying upon a external domain controller for validating authentication requests, smbd will apply the username map to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated.