[Samba] Kerberos case sensitive with Mac OS X on Samba 3.0.x
ww m-pubsyssamba
pubsyssamba at bbc.co.uk
Thu May 6 09:17:37 GMT 2004
PS the account is stored in /etc/passwd in the same case as AD, ie in my problem it is mixed case in
both locations,
thanks Andy.
-----Original Message-----
From: ww m-pubsyssamba
Sent: 06 May 2004 10:12
To: 'Jeremy Allison'; 'samba at lists.samba.org'
Subject: RE: [Samba] Kerberos case sensitive with Mac OS X on Samba
3.0.x
Hi Jeremy/All,
I've attached a zip with both a good authentication (Kinit obtained using the same case as account is
stored in AD) and also a bad authentication (Where I've obtained a ticket for a username in all lower case
where the account is stored with mixed case in AD). The zip password is "samba"
thanks Andy.
-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org]
Posted At: 05 May 2004 19:26
Posted To: Samba
Conversation: [Samba] Kerberos case sensitive with Mac OS X on Samba
3.0.x
Subject: Re: [Samba] Kerberos case sensitive with Mac OS X on Samba
3.0.x
On Wed, May 05, 2004 at 06:39:38PM +0100, ww m-pubsyssamba wrote:
> Hi List,
>
> I'm having an issue between Samba and OS X with regards to Kerberos authentication to a Samba AD member server.
> I'm using local UNIX accounts and entries in the passdb instead of Windind on the samba server, ie create account by adding
> to /etc/passwd then smbpasswd -a username. From an OS X client system if I obtain a ticket for user "UserA" like
> kinit UserA at KERBEROS.REALM then when I run klist I see the default principal remebers the case I used to obtain the ticket.
> Now when I try and access my Samba member server I successfully recieve a ticket for the Samba server and am able to access
> the server as expected.
> However if I then try kinit usera at KERBEROS.REALM (username is wrong case) I again successfully recieve my TGT but with
> the default principal listed in lower case and when I try and access the Samba server I get this error "could not connect to server
> because user or password was incorrect". This is a big problem because when using the Apple AD plugin for authentication it
> always requested the ticket with a lower case username! Also this problem does not affect Kerberos authentiction to a Windows
> member server only Samba.
> Can anyone shed any light on this, whose fault is it? Samba or Apple?
Can you send in a debug level 10 log so we can try and determine where
the problem is ?
Thanks,
Jeremy.
More information about the samba
mailing list