Safe netbios characters

Christopher R. Hertel crh at
Thu Jan 17 14:24:07 GMT 2002

It is important to note that the username is not, initially, a NetBIOS
name.  It only becomes a NetBIOS name when services (the messanger
service, in this case) register the user name as a NetBIOS name. 

NetBIOS names are always written in 8-bit mode.  Any value except the nul 
byte (0x00) is permitted in a NetBIOS name (consider the MSBROWSE name) 
as long as it can be encoded.  There is only one other exception and that 
is that a name may not begin with an asterisk ('*'), per RFC1001/1002.

That said, there are a lot of reasons why the ! should not be allowed in 
a username.  The ! character has meaning in internet E'mail routing.  It 
used to be used in uucp mail addresses and *is still recognized* as a 
valid separator.  So:  samba!crh at would mean "route the message 
to and ask to route it via uucp to node samba and 
then to user crh".

Chris -)-----

> TAKAHASHI Motonobu wrote:
> > 
> > Tim Potter wrote:
> > >I'm not sure whether this patch is complete.  According to the User
> > >Manager the following characters can't be present in a username:
> > >"/\[]:;|=,+*?<>
> > >
> > >Not sure about domain names though.  Also the space character is
> > >specifically allowed in both domain and usernames!
> > 
> > If you imagine Japanese, more and more characters should be available.
> > "What character is valid" depends on the codepage, so it should depend
> > on "client code page" parameter if strictly or all characters except
> > some dangerous chars need to be available, I think.
> If we do it that way we *will* miss some.
> The idea is that this check is *parinoid*.  All efforts to change
> 'alpha_strcpy' to be less paranoid will meet with my strongest
> opposition.  This includes efforts to make it 'mulitbyte aware'.
> This code is there becouse people use these variables in % macro
> expansion.  As such we need this parinoia.  
> When I get a chance I intend to allow at least some more flexability in
> HEAD by allowing strange characters in the name we use for processing
> username maps and the name we pass to the DC but not the name we use the
> the %U expansions.
> I have not yet looked at what to do for actual unix usernames.
> Andrew Bartlett
> -- 
> Andrew Bartlett                                 abartlet at
> Manager, Authentication Subsystems, Samba Team  abartlet at
> Student Network Administrator, Hawker College   abartlet at

Christopher R. Hertel -)-----                   University of Minnesota
crh at              Networking and Telecommunications Services

    Ideals are like stars; you will not succeed in touching them
    with your choose them as your guides, and following
    them you will reach your destiny.  --Carl Schultz

More information about the samba-technical mailing list