Samba 3.3.9 support for ADUserName != UnixUserName

Dave Daugherty dave.daugherty at
Mon Jan 11 12:10:18 MST 2010

Consider the case of Joe User at OCEAN.COM

NTLM Domain:              "OCEAN"
Windows SAM Acount Name:  "Joe User"
Windows UPN Name:         "Joe User at OCEAN.COM"
UnixName:                 joeuser

Given OCEAN\joeuser (albeit a bad mix of NTLM user name and the UNIX
user name):

smb_getpwnam() eventually strips domain names, and finds joeuser because
Centrify's NSS can lookup users by UNIX names stored in AD, as well as
various forms or AD names.

pwnam_alloc does not strip domain names and does not find the user

Then password.c register_homes_share() does not advertise the user's
home directory.

Our engineer Weikuan Zhou proposes following patch to overcome this

ssword.c	2009-10-12 19:11:53.000000000 +0800
+++ smbd/password.c	2010-01-11 16:55:28.000000000 +0800
@@ -209,6 +209,7 @@
 	int result;
 	struct passwd *pwd;
+    fstring real_username;
 	result = lp_servicenumber(username);
 	if (result != -1) {
@@ -218,7 +219,7 @@
 		return result;
-	pwd = getpwnam_alloc(talloc_tos(), username);
+    pwd = smb_getpwnam(NULL, (char*)username, real_username, False);
 	if ((pwd == NULL) || (pwd->pw_dir[0] == '\0')) {
 		DEBUG(3, ("No home directory defined for user '%s'\n",

Another possible fix would be for pwnam_alloc to call smb_getpwnam, or
implement similar functionality.

I am pretty sure we could have worked around this with "username map",
but so far we have been able to support ADUserName != UnixUuserName
without having to resort to this.


Dave Daugherty
Centrify Corp.

More information about the samba-technical mailing list