[Samba] "@" doesn't work in the NT domain name
jra at dp.samba.org
jra at dp.samba.org
Fri Sep 20 02:21:01 GMT 2002
On Thu, Sep 19, 2002 at 04:30:44PM -0400, dave.andruczyk at valeo.com wrote:
>
> I am part of a large worldwide Active Directory and all of our individual
> site NT domain names have an ampersand symbol in them
> (for example: VWS at ROCHESTER) Samba 2.2.6pre2 and older won't join this
> domain name, or allow connections to it from users in this domain. The
> logs state that the domain name is "VWS_ROCHESTER", the code is squashing
> the @ to an _ causing all authentification attempts to fail. Since we are
> migrating to this domain, all of our samba servers will NOT function for
> users connecting from the AD domains due to the domain-name mangling.
>
> I was told this was done as part of a security audit to the samba code, but
> it breaks compatibility in a major way. Ampersands are VALID in a netbios
> domain name, just not in a machine name (AFAIK), but samba doesn't comply
> in this regard. Since changing the netbios domain names of our win2k
> domains is not possible, I need a fix ASAP. Any suggestions?
Try the following patch - please let me know if it fixes the problem.
Thanks,
Jeremy.
Index: smbd/reply.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/reply.c,v
retrieving revision 1.240.2.117
diff -u -r1.240.2.117 reply.c
--- smbd/reply.c 11 Sep 2002 01:05:18 -0000 1.240.2.117
+++ smbd/reply.c 20 Sep 2002 02:20:13 -0000
@@ -860,7 +860,7 @@
/* don't allow strange characters in usernames or domains */
alpha_strcpy(user, user, ". _-$", sizeof(user));
- alpha_strcpy(domain, domain, ". _-", sizeof(domain));
+ alpha_strcpy(domain, domain, ". _-@", sizeof(domain));
if (strstr(user, "..") || strstr(domain,"..")) {
return ERROR_BOTH(NT_STATUS_LOGON_FAILURE,ERRSRV,ERRbadpw);
}
More information about the samba
mailing list