Prepending "\" to user name w/Win98 Domain Login
Simo Sorce
idra at samba.org
Sun Aug 18 08:20:02 GMT 2002
I've just looked at the code, and it retests later with username only if
it has not got access with the domain name set, so I see no problems at
all. Can you possibly provide more information?
On Fri, 2002-08-16 at 17:21, Jeff Mandel wrote:
[snip]
> This call supposedly validates the <domain>\<user> string.
> On Solaris, with NIS a win98 box tries to connect to a samba PDC.
> There's no domain name passed by the win98 client, but the setup for the
> string is <domain><winbindseparator><user>.
Look a few lines later: it does another sys_getpwnam() with user name
only.
> There's no domain - the string is now <><\><user>
> 1) If there's no domain, why would a winbind separator do something useful?
see above
> 2) The wacky thing here is that \user actually returns successful with NIS.
> jeff@host% getent passwd jeff
> jeff:x:6789:6789::/export/home/jeff:/bin/ksh
> jeff@host% getent passwd \jeff
> jeff:x:6789:6789::/export/home/jeff:/bin/ksh
This test is not right: you should write \\jeff to check if NIS really
ignores a leading \, because \ is an escape and the shell will interpret
\j as pure j.
I've just set up a Linux NIS server and couldn't reproduce this bug, BTW.
> 3) The validation doesn't really validate in this case since the value
> used is not what the system returned: \jeff != jeff, but the check in
> reply.c is only for != NULL. When this gets looked up in the samba
> password db, failure is certain. There's no \jeff in the samba password
> database.
What != NULL case do you refer to?
> sesssetupX:name=[JEFF]
> [2002/08/11 12:21:44, 3] smbd/reply.c:reply_sesssetup_and_X(929)
> Using unix username \JEFF
> [2002/08/11 12:21:44, 2] smbd/reply.c:reply_sesssetup_and_X(982)
> Defaulting to Lanman password for \jeff
> [2002/08/11 12:21:44, 1] smbd/password.c:pass_check_smb(545)
> Couldn't find user '\jeff' in passdb.
> [2002/08/11 12:21:44, 1] smbd/reply.c:reply_sesssetup_and_X(998)
> Rejecting user '\jeff': authentication failed
This log seems to avail your claim; can you provide information about
client OS, NIS server OS, samba version ....
> 4) When the client is win2k which passes a domain in, this code is
> called to lookup getpwnam(<domain><sep><user>). Without some special
> module, when would a unix system ever return a positive response to this
> kind of lookup?
see above (if that lookup fails, username alone is tested)
Simo.
--
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
--
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
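
An added example, not code from Samba or from anyone in this thread: one way to order the two lookups discussed above (qualified name first, then user name alone) while passing on the name the database returned instead of the probe string. `lookup_user`, `resolve_unix_name` and the user table are hypothetical; the lookup ignores a leading backslash only to model the behaviour reported in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the system passwd database (assumption). */
static const char *const users[] = { "jeff", "root" };

/* Hypothetical lookup. It ignores one leading backslash to model the
 * behaviour reported in the thread; returns the stored name or NULL. */
static const char *lookup_user(const char *name)
{
    if (name[0] == '\\')
        name++;
    for (size_t i = 0; i < sizeof(users) / sizeof(users[0]); i++)
        if (strcmp(users[i], name) == 0)
            return users[i];
    return NULL;
}

/* Probe <domain><sep><user> first, then <user> alone. On success copy the
 * name the database returned (not the probe string) into out.
 * Returns 0 on success, -1 if nothing matches or the name does not fit. */
static int resolve_unix_name(const char *domain, char sep, const char *user,
                             char *out, size_t outlen)
{
    char probe[256];
    const char *hit = NULL;

    /* With no domain the qualified probe would be "<sep><user>": skip it. */
    if (domain != NULL && domain[0] != '\0') {
        int n = snprintf(probe, sizeof(probe), "%s%c%s", domain, sep, user);
        if (n > 0 && (size_t)n < sizeof(probe))
            hit = lookup_user(probe);
    }
    if (hit == NULL)
        hit = lookup_user(user);
    if (hit == NULL || strlen(hit) >= outlen)
        return -1;
    strcpy(out, hit);
    return 0;
}

int main(void)
{
    char name[64];
    if (resolve_unix_name("", '\\', "jeff", name, sizeof(name)) == 0)
        printf("unix name: %s\n", name);
    return 0;
}
```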