Mapping workstation\user to domain\user incorrectly?

Gerald (Jerry) Carter jerry at
Fri Sep 21 15:06:41 GMT 2007

Hash: SHA1

Hey Steven,

> I'm having an authentication problem in Samba 3.0.24 
> and have some questions about an implementation decision.
> Let me first explain my setup.  I have a Win2K3 domain 
> 2K3D, a Samba server acting as a domain member, and
> a Win2K3 client in its own workgroup.
> W2K3Client ----> Samba Domain Member ----> Win2K3 DC
> There exists a domain user "testuser" and on the 
> client machine there exists a local user with the same name.
> I've traced this behavior to auth/auth.c:make_user_info_map() 
> which purposefully converts the domain with the comment:
> /* do what win2k does.  Always map unknown domains to our own
>    and let the "passdb backend" handle unknown users. */

Technically the issue is the get_same_name() code
in passdb.c.

> Does anyone know/remember the configuration where a 
> Win2K file server will act this way?  For the moment
> this seems like incorrect behavior to me because
> of the local user/domain user conflict demonstrated.

We've gone back and forth over that code before.  The
currently solution is debatable.  Volker looked at
it last IIRC.  But it has been a really long time ago.
The last change was before the swap over to svn.

I'd be glad to accept patches that mimics a current Windows
member server.  But the problem is more complicated than it
first appears from my memory.   At this point, I've gotten
so use to passing in "/user:MACHINE\username" from cmd.exe
that it doesn't bother me so much any more.

That probably doesn't help much except to acknowledge that
others have questioned the behavior before as well.

cheers, jerry
Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list