known BUG "multi-byte character set in usernames"
Juergen Hasch
Hasch at t-online.de
Thu May 30 07:54:01 GMT 2002
Hi Guenther,
Am Donnerstag, 30. Mai 2002 16:17 schrieb Guenther Deschner:
> hello,
>
> smb.conf-manpage of 2.2.5pre and HEAD states the bug of "multi-byte
> character sets in usernames":
>
> -----8<------------------snip--------------8<--------------
> BUG: There is currently a bug in the implementation of
> security = domain with respect to multi-byte character set
> usernames. The communication with a Domain Controller must
> be done in UNICODE and Samba currently does not widen
> multi-byte user names to UNICODE correctly, thus a multi-
> byte username will not be recognized correctly at the
> Domain Controller. This issue will be addressed in a
> future release.
> ----->8------------------snap-------------->8--------------
>
> will this bug be solved in the near future? in 2.2.5 or HEAD?
>
> the main problem with this is that you get crippled wellknown
> domain-groups with winbind (on suse linux 8, kernel 2.4.18, samba-2_2)
> and german NT-servers where rid200 (Domain Admins) is Domänen-Admins,
> and rid202 is Domänen-Gäste.
>
> now wbinfo -g cuts out the UTF8 chars and will show you e.g.
> DOMAIN+Domnen-Admins, DOMAIN+Domnen-Gste, etc.
>
> now you cannot set XFS-ACLs properly since neither DOMAIN+Domnen-Admins
> nor DOMAIN+Domänen-Admins does resolve back ...
>
> a simple (and ugly) workaround is to create the three domain-groups in
> question in /etc/group. with that you still have to keep an eye on the
> correct winbind-gid mapping and rid200 appears crippled in security tab.
>
> is there any other workaround for this?
I believe this is a different problem. There is just no conversion of group
and user names to the desired character set.
With the patch below applied I get:
hasch at tower:~> getent group
...
DOMAIN\Domänen-Admins:x:10003:DOMAIN\Administrator,DOMAIN\testadmin
DOMAIN\Domänen-Gäste:x:10004:DOMAIN\Gast
DOMAIN\Domänencomputer:x:10005:
DOMAIN\Domänencontroller:x:10006:
...
Now the correct usernames and groups are shown. I only added a few
conversions, the correct approach would be to check all
unistr2_to_ascii calls and add dos_to_unix where neccessary.
I will generate a complete patch if the Samba team thinks it's worth
considering and I am not completely on the wrong track :-)
...Juergen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winbind_charset.patch
Type: text/x-diff
Size: 2938 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020530/e0172478/winbind_charset.bin
More information about the samba-technical
mailing list