[Samba] WINBIND with usernames with &
abartlet at samba.org
Sun Mar 30 03:46:31 GMT 2003
On Thu, 2003-03-20 at 07:06, Tom Dickson wrote:
> Samba doesn't allow connections from usernames that have & in them. For
> example, using 2.2.5 and winbind with
> security = DOMAIN
> password server = win2kmixed
> workgroup = MIXEDDOMAIN
> all my users can login, (for example MIXEDDOMAIN+aho, MIXEDDOMAIN+tdickson),
> but my users named "&" and "bobalso&" (which should be MIXEDDOMAIN+& and
> MIXEDDOMAIN+bobalso&) don't work. The log.win2kclient file indicates that
> samba has changed & to _. (I.E, unable to connect for user _ or user
> bobalso_, which won't work because it can't validate those users with the
> domain controller (windows 2000), because they don't exist.
> Is there anyway to work around this?
> If this sounds too convoluted, let me know. I can add smb.conf files and log
> files, but I think the problem is samba changing & to _ before processing
> the login request.
This isn't actually a winbind problem, but an issue of Samba's
paranoia. Samba does not trust that you are not trying to cause a %U
substitution in smb.conf to go 'werid'. (Like what happened to people
who used 'log file = log.%m' before 2.2.1a).
See posts like
You could add & to your list there.
I've 'fixed' this in 3.0, by only doing this paranoid check for %U - all
other uses of the username are direct off-the-wire (charset conversion
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030330/8b3abea4/attachment.bin
More information about the samba