SAMBA 1.9.18p8, username map, server security

Ludek Babor Babor at Glavunion.cz
Wed Jun 24 13:00:33 GMT 1998


> From:          "Ludek Babor" <Babor at Glavunion.cz>
> Organization:  Glavunion, a.s., Teplice
> To:            samba at samba.anu.edu.au
> Date:          Fri, 19 Jun 1998 15:05:34 +0200 (MET DST)
> Subject:       SAMBA 1.9.18p8, username map, server security
> Bcc:           Babor at Glavunion.cz
> Priority:      normal

> I have a problem with the new version (1.9.18p8) of SAMBA and username
> mapping.
> Configuration:
> WindowsNT 4.0 Workstation + SP1
> WindowsNT domain - NTEP01 is PDC
> Digital UNIX 3.2C
> Username on NT:
> Babor
> Username on UNIX:
> baborl
> 
> In SMB.CONF I have the following lines:
> [global]
>   security = server
>   password server = NTEP01
>   username map = /usr/local/samba/lib/username.map
> 
> username.map:
> baborl = babor
> 
> I'm unable to connect to server - password server NTEP01 rejected the
> password. There is no problem with version 18p7 with the same SMB.CONF. I
> can submit both (18p7 and 18p8) log files created with debug level=5 - 8k
> and 11k.

Jeremy Allison sent me the patch for this bug. Here it is:

----------------------cut here-------------------------
--- /home/jallison/tmp/samba-1.9.18p8/source/reply.c	Fri Jun 12 18:44:21 
1998
+++ reply.c	Mon Jun 15 09:57:01 1998
@@ -409,6 +409,7 @@
   pstring smb_ntpasswd;
   BOOL valid_nt_password = False;
   pstring user;
+  pstring orig_user;
   BOOL guest=False;
   BOOL computer_id=False;
   static BOOL done_sesssetup = False;
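Review bot: `pstring orig_user;` is added with no comment and no initial value, and its only assignment is the `pstrcpy` in the next hunk, far below this declaration block. Since the buffer is later handed to `server_validate`, a short comment here saying it holds the client-supplied name before the username map is applied, plus clearing it up front (for example `*orig_user = 0;`), would keep a future early path from passing uninitialized stack contents to the password server.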
@@ -586,6 +587,15 @@
 
   reload_services(True);
 
+   /*
+    * Save the username before mapping. We will use
+    * the original username sent to us for security=server
+    * checking.
+    */
+ 
+   pstrcpy( orig_user, user);
+ 
+
   /*
    * Pass the user through the NT -> unix user mapping
    * function.
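Review bot: the added block is indented with three spaces (`   pstrcpy( orig_user, user);`) while the surrounding code uses two, and it brings in two whitespace-only lines plus an extra empty line before the mapping comment. Matching the two-space indent and dropping the stray lines would keep the diff minimal. The new comment could also say that `user` carries the mapped UNIX name for every later check, so a reader knows which of the two variables to pick.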
@@ -609,9 +619,10 @@
     guest = True;
 
   if (!guest && !(lp_security() == SEC_SERVER && 
-		  server_validate(user, domain, 
-				  smb_apasswd, smb_apasslen, 
-				  smb_ntpasswd, smb_ntpasslen)) &&
+      /* Check with orig_user for security=server. */
+      server_validate(orig_user, domain, 
+                      smb_apasswd, smb_apasslen, 
+                      smb_ntpasswd, smb_ntpasslen)) &&
       !check_hosts_equiv(user))
     {
 
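Review bot: in the condition, the replacement line `server_validate(orig_user, domain,` is indented to the same column as `!check_hosts_equiv(user))`, so it reads like a separate top-level term although it is still inside `!(lp_security() == SEC_SERVER && ...)`; keeping the original alignment under the opening parenthesis would avoid that misreading. The inline comment should also record that the password server is now asked about `orig_user` while `check_hosts_equiv` still receives the mapped `user`, so it is clear that the two checks in this one expression operate on different names on purpose.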

----------------------end patch------------------------

Best regards
	Ludek Babor			E-Mail: Babor at Glavunion.cz
	operation manager			E-Mail: Ludek.Babor at Glavunion.cz
	Glavunion, a.s., Teplice	Tel: +420-417-503085
	Sklarska 450			Fax: +420-417-508085
	416 74 Teplice			FIDO: 2:423/74.13

	PGP key available from PGP key servers (http://www.pgp.net/pgpnet)

	I use MIME ISO-8859-2 friendly software.

