[Samba] $ in domain name, Samba 2.2.8a

Andrew Bartlett abartlet at samba.org
Wed Oct 1 08:27:50 GMT 2003


On Sat, 2003-09-27 at 02:05, Stuckless, Colin 709 778-3815 wrote:
> Hi
> 
> I recently upgraded samba to 2.2.8a on a Solaris 8 server. Previously we
> were running an older version on Solaris 2.6. I am using domain security to
> authenticate users to an NT based PDC, and have a username map for matching
> Windows usernames to Unix usernames.
> 
> The problem I'm having is that users in the same domain as the Solaris
> server are authenticating fine, but users in a domain trusted by that domain
> are not authenticating. For example, if the local domain is DOMB and the
> trusted domain with the dollar sign is $DOMA, in my smb log I see:
> 
> domain_client_validate: unable to validate password for user FOO in domain
> _DOMA to Domain controller *. Error was NT_STATUS_NO_SUCH_USER.
> 
> It looks to me like the $ in $DOMA is being mapped to an underscore
> ("_DOMA"), and I'm guessing that the PDC is being asked to validate a user
> in a domain "_DOMA" that it knows nothing about. Or perhaps this is a red
> herring, and the $ is preserved in the smb communication but just not in my
> log file.
> 
> I didn't have this problem under the older samba version I was running (also
> using domain security and our NT based PDC). Any ideas?

Yes, we are stripping it out for security reasons.  The problem is when
people use %U and %D macros in their smb.conf - particularly for
logfiles - we got bitten when %m was allowed to contain ../../, and
cracked down on it. 

I think Samba 3.0 allows this again, as I've gone over the codepaths,
and am happy with our verification (against the known list of trusted
domains etc).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
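
The two approaches mentioned in the reply above, sketched as an added example (not part of the original post and not Samba's own code): mapping unsafe characters in a client-supplied name to `_` before it is substituted into a log file path, versus accepting the name unchanged only after it matches a list of trusted domains. The function names, the safe character set, the log path and the domain list are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for the server's trusted-domain list. */
static const char *const trusted_domains[] = { "DOMB", "$DOMA" };

/* Blanket approach: map characters outside an assumed safe set to '_'. */
static void sanitize_name(char *s)
{
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '-' && *s != '_')
            *s = '_';
}

/* Expand a "log file = /var/log/samba/log.%D" style value; -1 if too long. */
static int expand_log_path(const char *domain, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "/var/log/samba/log.%s", domain);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Sanitize a copy of the client-supplied domain, then expand it. */
int log_path_sanitized(const char *domain, char *out, size_t outlen)
{
    char tmp[64];
    if (strlen(domain) >= sizeof(tmp)) return -1;
    strcpy(tmp, domain);
    sanitize_name(tmp);
    return expand_log_path(tmp, out, outlen);
}

/* Expand the name unchanged, but only after an exact match on the list. */
int log_path_verified(const char *domain, char *out, size_t outlen)
{
    size_t i, n = sizeof(trusted_domains) / sizeof(trusted_domains[0]);
    for (i = 0; i < n; i++)
        if (strcmp(domain, trusted_domains[i]) == 0)
            return expand_log_path(domain, out, outlen);
    return -1;
}

int main(void)
{
    char p[128];
    if (log_path_sanitized("../../etc/x", p, sizeof p) == 0) puts(p);
    if (log_path_verified("$DOMA", p, sizeof p) == 0) puts(p);
    return 0;
}
```

The sanitizing variant keeps the path inside the log directory but rewrites `$DOMA` to `_DOMA`, the value seen in the log line quoted above; the verifying variant preserves `$DOMA` and rejects any name that is not on the list.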