machine names same as usernames -> problems...

Andrew Bartlett abartlet at samba.org
Thu Feb 6 20:39:28 GMT 2003 

On Fri, 2003-02-07 at 01:04, Bradley W. Langhorst wrote:
> Since samba 2.2.8 seems to be on the way i thought i might raise this
> issue before release.
> 
> I've seen a few users get confused by the fact that their machine name
> and their user name cannot be very similar
> 
> adil (users) and
> adil$ (machine)
> cannot work.

Why can't it work?  I've seen this discussed a number of times, but
never really been told why it doesn't work.  That $ is there for exactly
that reason you know - to make them different.  

> I think it's not good practice to have machine names and usernames be
> the same but i also don't think samba should fail cryptically in that
> situation...

Can you describe the failure please?  

> The usernames are different - why does this fail?
> I'm guessing that the $ gets stripped off somewhere but why?
> 
> At minimum we should provide an explicit prohibion in the docs 
> (doc patch for SAMBA2_2 follows)
> 
> 
> diff -u -r1.1.2.15 Samba-PDC-HOWTO.sgml
> --- docs/docbook/projdoc/Samba-PDC-HOWTO.sgml   28 Nov 2001 22:03:22
> -0000      1.1.2.15
> +++ docs/docbook/projdoc/Samba-PDC-HOWTO.sgml   6 Feb 2003 14:02:08
> -0000
> @@ -288,6 +288,11 @@
>  account, and thus has no shared secret with the domain controller.
>  </para>
> 
> +<para>Note: Machine accounts must not have the same base names as user
> +accounts.  eg.  The machine account "sambauser1$" is not allowed when
> +there is a regular user "sambauser1".
> +</para>
> +

Certainly at the SAM level, there is no reason for this restriction. 
There may be other good reasons, but an NT SAM (and therefore smbpasswd
etc) should have no problem with this.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030207/1cf63dfd/attachment.bin

More information about the samba-technical mailing list