[Samba] winbind and case sensitivity

Brian J. Murrell brian at interlinx.bc.ca
Tue Feb 3 12:12:42 GMT 2004

On Tue, 2004-02-03 at 04:11, Andrew Bartlett wrote:
> The problem is, for a plaintext login, the IMAP server is almost
> certainly just copying the username internally, so there is almost
> nothing we can do about it.

i.e. you mean cyrus imap will just copy and use whatever the user types

That is fine.  I don't mind telling all of the users that they _must_
log in with lowercase letters now, no using caps.  They will then have
all lowercase imap mailboxes and cyrus will force delivery into
lowercase mailboxes.

But the problem then is that when the PDC returns usernames in the
format "Firstname" (first letter capped), and they log in with
"firstname", there is no matching account.  If I could instruct
winbind(d?) to simply fold the uppercase letters into lowercase, then
there is an account that matches what the user typed and will work for
authentication because NT is case insensitive.

It seems to be that the simplest fix is to ask winbind to force the caps
into lowercase before giving the info to PAM.

> For NTLMSSP based logins (see my patch to cyrus-sasl back in Janurary) I
> handle this stuff, because we can return the username.

Interesting.  I will take a look.  But this problem is more general than
just cyrus imap and having winbind fold the uppercase letters into
lowercase letters seems like a nice general solution, no?


My other computer is your Microsoft Windows server.

Brian J. Murrell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040203/5638f1bf/attachment.bin

More information about the samba mailing list