Mapping workstation\user to domain\user incorrectly?
Gerald (Jerry) Carter
jerry at samba.org
Fri Sep 21 15:06:41 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey Steven,
> I'm having an authentication problem in Samba 3.0.24
> and have some questions about an implementation decision.
>
> Let me first explain my setup. I have a Win2K3 domain
> 2K3D, a Samba server acting as a domain member, and
> a Win2K3 client in its own workgroup.
>
> W2K3Client ----> Samba Domain Member ----> Win2K3 DC
>
> There exists a domain user "testuser" and on the
> client machine there exists a local user with the same name.
...
> I've traced this behavior to auth/auth.c:make_user_info_map()
> which purposefully converts the domain with the comment:
>
> /* do what win2k does. Always map unknown domains to our own
> and let the "passdb backend" handle unknown users. */
Technically the issue is the get_same_name() code
in passdb.c.
> Does anyone know/remember the configuration where a
> Win2K file server will act this way? For the moment
> this seems like incorrect behavior to me because
> of the local user/domain user conflict demonstrated.
We've gone back and forth over that code before. The
currently solution is debatable. Volker looked at
it last IIRC. But it has been a really long time ago.
The last change was before the swap over to svn.
I'd be glad to accept patches that mimics a current Windows
member server. But the problem is more complicated than it
first appears from my memory. At this point, I've gotten
so use to passing in "/user:MACHINE\username" from cmd.exe
that it doesn't bother me so much any more.
That probably doesn't help much except to acknowledge that
others have questioned the behavior before as well.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG894BIR7qMdg1EfYRAnfhAJ9e54y4PZgLYhDw/lNXFyQaWtARMgCdEfwn
DicJrpCs6rrbHYjtSo6hJgY=
=KNG+
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list