Samba 3.3.9 support for ADUserName != UnixUserName
Dave Daugherty
dave.daugherty at centrify.com
Mon Jan 11 12:10:18 MST 2010
Consider the case of Joe User at OCEAN.COM
NTLM Domain: "OCEAN"
Windows SAM Account Name: "Joe User"
Windows UPN Name: "Joe User at OCEAN.COM"
UnixName: joeuser
Given OCEAN\joeuser (albeit a bad mix of NTLM user name and the UNIX
user name):
smb_getpwnam() eventually strips domain names, and finds joeuser because
Centrify's NSS can look up users by UNIX names stored in AD, as well as
various forms of AD names.
pwnam_alloc does not strip domain names and does not find the user.
Then password.c register_homes_share() does not advertise the user's
home directory.
Our engineer Weikuan Zhou proposes the following patch to overcome this
issue:
---
/home/sinobot/workspace/TOPCAT/external/build/samba-3.3.9/source/smbd/pa
ssword.c 2009-10-12 19:11:53.000000000 +0800
+++ smbd/password.c 2010-01-11 16:55:28.000000000 +0800
@@ -209,6 +209,7 @@
{
int result;
struct passwd *pwd;
+ fstring real_username;
result = lp_servicenumber(username);
if (result != -1) {
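Review bot: real_username, declared next to result and pwd, is only a scratch output buffer in the lines shown, while lp_servicenumber(username) directly below still checks the name exactly as the client sent it. If the home share is meant to be published for the resolved UNIX account, do the service lookup and registration with real_username after the user lookup; otherwise add a one-line comment saying the buffer is deliberately ignored and exists only to satisfy the smb_getpwnam() signature.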
@@ -218,7 +219,7 @@
return result;
}
- pwd = getpwnam_alloc(talloc_tos(), username);
+ pwd = smb_getpwnam(NULL, (char*)username, real_username, False);
if ((pwd == NULL) || (pwd->pw_dir[0] == '\0')) {
DEBUG(3, ("No home directory defined for user '%s'\n",
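Review bot: the replacement call passes NULL where the removed line passed talloc_tos(), so the returned struct passwd is no longer tied to the current talloc stack frame and needs an explicit TALLOC_FREE(pwd) on every exit path, including the "No home directory defined" branch; passing talloc_tos() as before would keep the original lifetime. The (char*)username cast is presumably there to drop const for the callee's prototype; if smb_getpwnam() can modify that buffer, copy the name into a local fstring and pass the copy instead. Because the lookup now falls back to a name with the domain part stripped, it is also worth confirming that registering a home share for any domain prefix followed by a valid UNIX name is the intended behaviour.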
Another possible fix would be for pwnam_alloc to call smb_getpwnam, or
implement similar functionality.
I am pretty sure we could have worked around this with "username map",
but so far we have been able to support ADUserName != UnixUserName
without having to resort to this.
Regards
Dave Daugherty
Centrify Corp.