The bloomin' Irish
Andrew Bartlett
abartlet at pcug.org.au
Thu Dec 6 00:59:38 GMT 2001
"Lightfoot.Michael" wrote:
>
> Let me first apologise for asking on two lists, but this problem is (of
> course) urgent because prior to this afternoon I was unaware of the problem
> and it has been affecting production users for two days despite me having
> warned everyone that they should be looking out for possible Samba problems!
>
> I have just upgraded most of our samba servers from 1.9.18 (various patch
> levels) to 2.2.2 on Solaris 8 and Solaris 2.6. This was forced by an
> upgrade of the Windoze password server from NT4 to Win2K. Patch levels of
> 1.9.18 prior to (about) 10 would not work with the new server. Patch level
> 10 does, luckily and remains on a system about to be retired.
>
> We now have another problem. Our users.map file contains a few Irish
> characters with apostrophes in their NT login names (e.g. O'Nerk.Fred) which
> are all of the format lastname.firstname.
>
> When these users now try to attach to a share the name get mangled by samba,
> changing the apostrophe to an underscore (ie o_nerk.fred) as well as the
> ussual case mangling and this results in a login failure. On the 1.9.18p10
> system no such mangling occurs.
The lowercasing is becouse the name didn't map, so it got caught up in
the normal samba 'attempt to find matching unix user' process...
> I have searched archives of both lists and found only one entry about 18
> months ago where someone asked if this would work. I have also searched
> most of the docos and not found a solution.
Unfortunetly the only reference is an obscure line in the WHATSNEW.TXT
and the cvs commit message. None of which would have attracted your
attention...
> Does anyone on the lists have the (probably bleeding obvious) answer?
> Relevant smb.conf entries (this file wasn't changed between versions and
> passes testparm on 2.2.2 except mysteriously for "share modes".)
>
> workgroup = COMCARE
> security = server
> password server = act-primary
> encrypt passwords = yes
> wins server = act-secondary
> username map = /usr/local/samba/lib/users.map
> domain master = no
> local master = no
>
> Michael Lightfoot
> SysIX Unix Systems Consulting
> 02 6258 8185
> michael.lightfoot at canb.auug.org.au
It looks like you have hit some Samba parinoia on user-supplied inputs.
The following snippit in reply.c:sesssetup_and_X() caused your problem:
/* don't allow strange characters in usernames or domains */
alpha_strcpy(user, user, ". _-$", sizeof(user));
alpha_strcpy(domain, domain, ". _-", sizeof(domain));
if (strstr(user, "..") || strstr(domain,"..")) {
return ERROR_BOTH(NT_STATUS_LOGON_FAILURE,ERRSRV,ERRbadpw);
}
This patch should fix it tempoarily - but don't use %U in your smb.conf,
becouse the ' could (potentially, possibly) cause problems.
Index: reply.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/reply.c,v
retrieving revision 1.240.2.72
diff -u -r1.240.2.72 reply.c
--- reply.c 20 Oct 2001 21:23:51 -0000 1.240.2.72
+++ reply.c 6 Dec 2001 08:48:23 -0000
@@ -856,7 +856,7 @@
}
/* don't allow strange characters in usernames or domains */
- alpha_strcpy(user, user, ". _-$", sizeof(user));
+ alpha_strcpy(user, user, ". _-$'", sizeof(user));
alpha_strcpy(domain, domain, ". _-", sizeof(domain));
if (strstr(user, "..") || strstr(domain,"..")) {
return ERROR_BOTH(NT_STATUS_LOGON_FAILURE,ERRSRV,ERRbadpw);
In the long term, I'll see if we can arrange for usernames to be used
unchanged within samba - except for the %U substituions - to avoid this
in future (this is a larger change, and will require significantly more
testing).
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list