SAMBA 1.9.18p8, username map, server security
Ludek Babor
Babor at Glavunion.cz
Wed Jun 24 13:00:33 GMT 1998
> From: "Ludek Babor" <Babor at Glavunion.cz>
> Organization: Glavunion, a.s., Teplice
> To: samba at samba.anu.edu.au
> Date: Fri, 19 Jun 1998 15:05:34 +0200 (MET DST)
> Subject: SAMBA 1.9.18p8, username map, server security
> Bcc: Babor at Glavunion.cz
> Priority: normal
> I have a problem with new version (1.9.18p8) of SAMBA and username
> mapping.
> Configuration:
> WindowsNT 4.0 Workstation + SP1
> WindowsNT domain - NTEP01 is PDC
> Digital UNIX 3.2C
> Username on NT:
> Babor
> Username on UNIX:
> baborl
>
> In SMB.CONF I have following lines:
> [global]
> security = server
> password server = NTEP01
> username map = /usr/local/samba/lib/username.map
>
> username.map:
> baborl = babor
>
> I'm unable to connect to server - password server NTEP01 rejected the
> password. There is no problem with version 18p7 with the same SMB.CONF. I
> can submit both (18p7 and 18p8) log files created with debug level=5 - 8k
> and 11k.
Jeremy Allison sent me the patch for this bug. There it is:
----------------------cut here-------------------------
--- /home/jallison/tmp/samba-1.9.18p8/source/reply.c Fri Jun 12 18:44:21
1998
+++ reply.c Mon Jun 15 09:57:01 1998
@@ -409,6 +409,7 @@
pstring smb_ntpasswd;
BOOL valid_nt_password = False;
pstring user;
+ pstring orig_user;
BOOL guest=False;
BOOL computer_id=False;
static BOOL done_sesssetup = False;
@@ -586,6 +587,15 @@
reload_services(True);
+ /*
+ * Save the username before mapping. We will use
+ * the original username sent to us for security=server
+ * checking.
+ */
+
+ pstrcpy( orig_user, user);
+
+
/*
* Pass the user through the NT -> unix user mapping
* function.
@@ -609,9 +619,10 @@
guest = True;
if (!guest && !(lp_security() == SEC_SERVER &&
- server_validate(user, domain,
- smb_apasswd, smb_apasslen,
- smb_ntpasswd, smb_ntpasslen)) &&
+ /* Check with orig_user for security=server. */
+ server_validate(orig_user, domain,
+ smb_apasswd, smb_apasslen,
+ smb_ntpasswd, smb_ntpasslen)) &&
!check_hosts_equiv(user))
{
----------------------end patch------------------------
Best regards
Ludek Babor E-Mail: Babor at Glavunion.cz
operation manager E-Mail: Ludek.Babor at Glavunion.cz
Glavunion, a.s., Teplice Tel: +420-417-503085
Sklarska 450 Fax: +420-417-508085
416 74 Teplice FIDO: 2:423/74.13
PGP key available from PGP key servers (http://www.pgp.net/pgpnet)
I use MIME ISO-8859-2 friendly software.
More information about the samba
mailing list