[Samba] Authentication issue still exists in 3.0.3
Jay D. Anderson
Jay.Anderson at dw.deere.com
Fri Apr 30 17:23:55 GMT 2004
I wrote about this problem more than a week ago, but got no response. I
upgraded to 3.0.3 hoping this issue would go away, but it hasn't.
I am seeing the problem running Samba 3.0.2a or 3.0.3 on both Solaris 8
and RH Linux ES3. This problem was not present in Samba 2.2.8a.
The Samba servers are member servers of an Active Directory domain, and
all other file and print sharing is working well. Global section of
smb.conf included below. I am not running winbindd.
On a Windows XP client that hasn't been added to Active Directory yet,
domain credentials will not authenticate to the Samba server if the
credentials are given in the form username at mydomain.com. The same
operation against a Windows server works fine. If the credentials are
supplied in other forms to the Samba server, they will work (e.g.,
mydomain\username, mydomain.com\username). If the Windows XP client is
added to the AD domain, the credentials will work in any of the formats.
From an auth:10 debug, it appears Samba is using the entire
username at mydomain.com string as the username rather than breaking it
into username and domain components. I have a "log level = 3 auth:10"
log file available on request.
Thank you very much for taking a look at this.
[global]
realm = MYDOMAIN.COM
security = ADS
netbios name = SERVER1
password server = ADPS1.MYDOMAIN.COM,ADPS2.MYDOMAIN.COM
interfaces = 166.122.99.1/20 166.122.99.50/20
encrypt passwords = Yes
map to guest = Bad User
username map = /usr/local/samba/lib/users.map
host msdfs = Yes
time server = Yes
deadtime = 5
socket options = TCP_NODELAY
local master = No
dns proxy = No
workgroup = MYDOMAIN
name resolve order = host wins bcast
wins server = 166.122.99.135 166.122.15.103
--
---------------------------------------------------------------------
Jay D. Anderson John Deere Davenport Works
Jay (at) DW.Deere.com P.O. Box 4198
Phone: 563.388.4268 Fax: 563.388.4159 Davenport, Iowa 52808
More information about the samba
mailing list