FW: [Samba] Kerberos case sensitive with Mac OS X on Samba 3.0.x

[ww m-pubsyssamba]

This was blocked with both good and bad log output due to the size limit on attachments
so I've removed the log from the successfull authentication. I think its pretty obvious
whats going on from the failed log,

	thanks Andy.

-----Original Message-----
From: ww m-pubsyssamba 
Sent: 06 May 2004 10:32
To: 'Jeremy Allison'; 'samba at lists.samba.org'
Subject: RE: [Samba] Kerberos case sensitive with Mac OS X on Samba
3.0.x


Second attempt, didn't accept my zip file first time....

Hi Jeremy/All,

	I've attached two gzips with both a good authentication (Kinit obtained using the same case as account is
stored in AD) and also a bad authentication (Where I've obtained a ticket for a username in all lower case
where the account is stored with mixed case in AD).

		thanks Andy.

PS the account is stored in /etc/passwd in the same case as AD, ie in my problem it is mixed case in
both locations.



-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org]
Posted At: 05 May 2004 19:26
Posted To: Samba
Conversation: [Samba] Kerberos case sensitive with Mac OS X on Samba
3.0.x
Subject: Re: [Samba] Kerberos case sensitive with Mac OS X on Samba
3.0.x


On Wed, May 05, 2004 at 06:39:38PM +0100, ww m-pubsyssamba wrote:
> Hi List,
> 
> 	I'm having an issue between Samba and OS X with regards to Kerberos authentication to a Samba AD member server.
> I'm using local UNIX accounts and entries in the passdb instead of Windind on the samba server, ie create account by adding
> to /etc/passwd then smbpasswd -a username. From an OS X client system if I obtain a ticket for user "UserA" like
> kinit UserA at KERBEROS.REALM then when I run klist I see the default principal remebers the case I used to obtain the ticket.
> Now when I try and access my Samba member server I successfully recieve a ticket for the Samba server and am able to access
> the server as expected.
> However if I then try kinit usera at KERBEROS.REALM (username is wrong case) I again successfully recieve my TGT but with
> the default principal listed in lower case and when I try and access the Samba server I get this error "could not connect to server 
> because user or password was incorrect". This is a big problem because when using the Apple AD plugin for authentication it 
> always requested the ticket with a lower case username! Also this problem does not affect Kerberos authentiction to a Windows 
> member server only Samba.
> Can anyone shed any light on this, whose fault is it? Samba or Apple?

Can you send in a debug level 10 log so we can try and determine where
the problem is ?

Thanks,

	Jeremy.

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.