Does Samba support UPN authentication using NTLM?

Hemanth Thummala hemanth.thummala at nutanix.com
Wed Aug 31 00:35:10 UTC 2016


Hi Jeremy,

Thanks for the quick response. Here I have attached the winbindd.log and client.log. User name is “user9”.

Thanks,
Hemanth.




On 8/30/16, 5:18 PM, "Jeremy Allison" <jra at samba.org> wrote:

>On Tue, Aug 30, 2016 at 11:34:51PM +0000, Hemanth Thummala wrote:
>> Hi,
>> 
>> We are using samba 4.3.11 stack as a member server. We could see that authentication for UPN(user at domain) formats failing with STATUS NO SUCH USER. Looking at the code, we are not actually converting the UPN to DOMAIN\USER format before contacting the DC. Whereas UPN access works fine with Kerberos auth.
>> 
>> What I understood is that NTLM doesn’t support UPN format. We might want to convert the user format(to DOMAIN\user) before checking with DC which we are not doing currently. I would like to know if there is any plan to support this in future.
>> 
>> On the other hand, I could see that smbclient works with UPN format. Looks like we are converting the name format here to DOMAIN\user. I couldn’t trace out the place where we do this conversion. If we could do the conversion here, can't we use the same thing in winbindd as well?
>
>Can you post the debug level 10 log from the smbclient working
>with UPN and converting to DOMAIN\user. We should be able to
>spot the point at which the conversion takes place from the
>logs produced (and then we can look into doing the same
>elsewhere).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winbindd.log
Type: application/octet-stream
Size: 253333 bytes
Desc: winbindd.log
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160831/0a0c518d/winbindd-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.log
Type: application/octet-stream
Size: 189009 bytes
Desc: client.log
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160831/0a0c518d/client-0001.obj>


More information about the samba-technical mailing list