Does Samba support UPN authentication using NTLM?

Stefan Metzmacher metze at samba.org
Wed Aug 31 08:28:53 UTC 2016


Am 31.08.2016 um 04:38 schrieb Hemanth Thummala:
> I have attached to gdb and found the place at where exactly smbclient is constructing the account name by excluding the realm.
> 
> (gdb) bt
> #0 cli_session_setup_get_account () at ../source3/libsmb/cliconnect.c:1705
> #1 0x00007ffff6b5e18d in cli_session_setup_spnego_send () at ../source3/libsmb/cliconnect.c:1764
> #2 0x00007ffff6b5ef29 in cli_session_setup_send () at ../source3/libsmb/cliconnect.c:2019
> #3 0x00007ffff6b5f865 in cli_session_setup () at ../source3/libsmb/cliconnect.c:2208
> #4 0x00007ffff6b899f9 in do_connect () at ../source3/libsmb/clidfs.c:198
> #5 0x00007ffff6b89ffb in cli_cm_connect () at ../source3/libsmb/clidfs.c:321
> #6 0x00007ffff6b8a3cf in cli_cm_open () at ../source3/libsmb/clidfs.c:424
> #7 0x0000555555568c12 in process () at ../source3/client/client.c:5497
> #8 0x0000555555569fdf in main (argc=3, argv=0x7fffffffe5f8) at ../source3/client/client.c:5924
> 
> 
> This is where it checks for ‘@‘ and truncates the username.
> 
> cli_session_setup_get_account()
> 
> ..
>   p = strchr_m(account, '@');
> if (p != NULL) {
> *p = '\0';
> }
> ..
> 
> 
> Not sure if this helps in trusted domain user authentication case where we will need to know the DOMAIN workgroup information to construct DOMAIN\user format.
> 

I also found that, while testing a related problem with the server code,
where we alter the error code for failed authentications based on an '@'
in the username.

I think the way to implement this is to pass a cli_credentials structure,
through all layers, instead of passing individual 'username', 'domain',
'password' parameters,
and translated them back and forth from/to cli_credentials structures,
while loosing important
information.

Maybe we'll get there for 4.6...

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160831/81392c88/signature.sig>


More information about the samba-technical mailing list