[Samba] Kerberos case sensitive with Mac OS X on Samba 3.0.x

ww m-pubsyssamba pubsyssamba at bbc.co.uk
Thu May 6 09:17:37 GMT 2004 

PS the account is stored in /etc/passwd in the same case as AD, ie in my problem it is mixed case in
both locations,

	thanks Andy.

-----Original Message-----
From: ww m-pubsyssamba 
Sent: 06 May 2004 10:12
To: 'Jeremy Allison'; 'samba at lists.samba.org'
Subject: RE: [Samba] Kerberos case sensitive with Mac OS X on Samba
3.0.x


Hi Jeremy/All,

	I've attached a zip with both a good authentication (Kinit obtained using the same case as account is
stored in AD) and also a bad authentication (Where I've obtained a ticket for a username in all lower case
where the account is stored with mixed case in AD). The zip password is "samba"

		thanks Andy.

-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org]
Posted At: 05 May 2004 19:26
Posted To: Samba
Conversation: [Samba] Kerberos case sensitive with Mac OS X on Samba
3.0.x
Subject: Re: [Samba] Kerberos case sensitive with Mac OS X on Samba
3.0.x


On Wed, May 05, 2004 at 06:39:38PM +0100, ww m-pubsyssamba wrote:
> Hi List,
> 
> 	I'm having an issue between Samba and OS X with regards to Kerberos authentication to a Samba AD member server.
> I'm using local UNIX accounts and entries in the passdb instead of Windind on the samba server, ie create account by adding
> to /etc/passwd then smbpasswd -a username. From an OS X client system if I obtain a ticket for user "UserA" like
> kinit UserA at KERBEROS.REALM then when I run klist I see the default principal remebers the case I used to obtain the ticket.
> Now when I try and access my Samba member server I successfully recieve a ticket for the Samba server and am able to access
> the server as expected.
> However if I then try kinit usera at KERBEROS.REALM (username is wrong case) I again successfully recieve my TGT but with
> the default principal listed in lower case and when I try and access the Samba server I get this error "could not connect to server 
> because user or password was incorrect". This is a big problem because when using the Apple AD plugin for authentication it 
> always requested the ticket with a lower case username! Also this problem does not affect Kerberos authentiction to a Windows 
> member server only Samba.
> Can anyone shed any light on this, whose fault is it? Samba or Apple?

Can you send in a debug level 10 log so we can try and determine where
the problem is ?

Thanks,

	Jeremy.

More information about the samba mailing list