[Samba] "@" doesn't work in the NT domain name

Andrew Bartlett abartlet at samba.org
Sat Sep 21 13:40:01 GMT 2002

Gerald Carter wrote:
> On Thu, 19 Sep 2002 dave.andruczyk at valeo.com wrote:
> >
> > I am part of a large worldwide Active Directory and all of our individual
> > site NT domain names have an  ampersand symbol in them
> > (for example: VWS at ROCHESTER)  Samba 2.2.6pre2 and older won't join this
> > domain name, or allow connections to it from users in this domain.  The
> > logs state that the domain name is "VWS_ROCHESTER",  the code is squashing
> > the @ to an _ causing all authentification attempts to fail.  Since we are
> > migrating to this domain, all of our samba servers will NOT function for
> > users connecting from the AD domains due to the domain-name mangling.
> >
> > I was told this was done as part of a security audit to the samba code, but
> > it breaks compatibility in a major way. Ampersands are VALID in a netbios
> > domain name, just not in a machine name (AFAIK), but samba doesn't comply
> > in this regard.  Since changing the netbios domain names of our win2k
> > domains is not possible, I need a fix ASAP.  Any suggestions?
> grrr... I hate that alpha_strcpy() code.  I'll get you a fix today.
> Can you send me a level 10 debug log of the failure?

It also catches people with names like O'Reilly (often used with
username map).  The issue is fixing this while keeping a lit on the %U
macro games - particulary with things like 'security=server' and 'add
user script' etc.

In Samba HEAD we come much closer to being able to have a 'safe'
username for %U etc, and an 'unsafe' name for internal use.  Most of the
work remaining is a good code audit...

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list