Mapping workstation\user to domain\user incorrectly?

Gerald (Jerry) Carter jerry at samba.org
Fri Sep 21 15:06:41 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Steven,

> I'm having an authentication problem in Samba 3.0.24 
> and have some questions about an implementation decision.
> 
> Let me first explain my setup.  I have a Win2K3 domain 
> 2K3D, a Samba server acting as a domain member, and
> a Win2K3 client in its own workgroup.
> 
> W2K3Client ----> Samba Domain Member ----> Win2K3 DC
> 
> There exists a domain user "testuser" and on the 
> client machine there exists a local user with the same name.
...
> I've traced this behavior to auth/auth.c:make_user_info_map() 
> which purposefully converts the domain with the comment:
> 
> /* do what win2k does.  Always map unknown domains to our own
>    and let the "passdb backend" handle unknown users. */

Technically the issue is the get_same_name() code
in passdb.c.

> Does anyone know/remember the configuration where a 
> Win2K file server will act this way?  For the moment
> this seems like incorrect behavior to me because
> of the local user/domain user conflict demonstrated.

We've gone back and forth over that code before.  The
currently solution is debatable.  Volker looked at
it last IIRC.  But it has been a really long time ago.
The last change was before the swap over to svn.

I'd be glad to accept patches that mimics a current Windows
member server.  But the problem is more complicated than it
first appears from my memory.   At this point, I've gotten
so use to passing in "/user:MACHINE\username" from cmd.exe
that it doesn't bother me so much any more.

That probably doesn't help much except to acknowledge that
others have questioned the behavior before as well.



cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG894BIR7qMdg1EfYRAnfhAJ9e54y4PZgLYhDw/lNXFyQaWtARMgCdEfwn
DicJrpCs6rrbHYjtSo6hJgY=
=KNG+
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list