[Samba] $ in domain name, Samba 2.2.8a

Andrew Bartlett abartlet at samba.org
Wed Oct 1 08:27:50 GMT 2003

On Sat, 2003-09-27 at 02:05, Stuckless, Colin 709 778-3815 wrote:
> Hi
> I recently upgraded samba to 2.2.8a on a Solaris 8 server. Previously we
> were running an older version on Solaris 2.6. I am using domain security to
> authenticate users to an NT based PDC, and have a username map for matching
> Windows usernames to Unix usernames.
> The problem I'm having is that users in the same domain as the Solaris
> server are authenticating fine, but users in a domain trusted by that domain
> are not authenticating. For example, if the local domain is DOMB and the
> trusted domain with the dollar sign is $DOMA, in my smb log I see:
> domain_client_validate: unable to validate password for user FOO in domain
> _DOMA to Domain controller *. Error was NT_STATUS_NO_SUCH_USER.
> It looks to me like the $ in $DOMA is being mapped to an underscore
> ("_DOMA"), and I'm guessing that the PDC is being asked to validate a user
> in a domain "_DOMA" that it knows nothing about. Or perhaps this is a red
> herring, and the $ is preserved in the smb communication but just not in my
> log file.
> I didn't have this problem under the older samba version I was running (also
> using domain security and our NT based PDC). Any ideas?

Yes, we are stripping it out for security reasons.  The problem is when
people use %U and %D macros in their smb.conf - particularly for
logfiles - we got bitten when %m was allowed to contain ../../, and
cracked down on it. 

I think Samba 3.0 allows this again, as I've gone over the codepaths,
and am happy with our verification (against the known list of trusted
domains etc).

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031001/cc36dcc2/attachment.bin

More information about the samba mailing list