[Samba] change in AD authentication behaviour since 3.0.24
Robert Cohen
robert.cohen at anu.edu.au
Wed Feb 20 03:48:53 GMT 2008
On 20/2/08 2:40 PM, "Trimble, Ronald D" <Ronald.Trimble at unisys.com> wrote:
> We recently submitted a bug for a similar problem, but winbind was not
> returning domain information correctly.
> https://bugzilla.samba.org/show_bug.cgi?id=5264
I'm not sure whether it's the same problem as us.
BTW I should mention that we're simply not using winbind.
The behaviour I'm talking about is when an XP client machine attempts to
connect to our server to get a network share.
So winbind doesn't enter into the equation.
>
>
> -----Original Message-----
> From: Robert Cohen [mailto:robert.cohen at anu.edu.au]
> Sent: Tuesday, February 19, 2008 7:13 PM
> To: samba at lists.samba.org
> Subject: [Samba] change in AD authentication behaviour since 3.0.24
>
> We have noticed a change in the way AD authentication behaves starting with
> 3.0.25. I've been hoping it was a bug and someone would notice and fix it.
> But since it's still there as of 3.0.28, I guess it's a feature :-).
>
> Anyway, our users on XP machines used to be able to authenticate against AD
> with just a username/password, e.g. u1234567. But as of 3.0.25 they need to use
> a fully qualified username, e.g. XX\u1234567, to authenticate.
> Otherwise it appears to be attempting to authenticate against the local
> machine.
>
>
> Is there some setting I can use to get the old behaviour back?
> Or is the old behaviour simply incorrect, and I'll just have to bite the
> bullet and re-educate our users. The hassle is that lots of them have canned
> scripts which they have been carting around forever which use the old
> behaviour.
>
> Just in case there's something in my configuration which is causing the
> problem, the relevant bits are:
>
> From smb.conf
>
> ; Security/authentication stuff
> security = ADS
> realm = XX.ANU.EDU.AU
> password server = xx03.anu.edu.au
> password level = 0
> local master = no
> domain master = no
> encrypt passwords = yes
> guest ok = no
>
> From krb5.conf
> [libdefaults]
> default_realm = XX.ANU.EDU.AU
>
> [realms]
> XX.ANU.EDU.AU = {
> kdc = xx01.anu.edu.au
> kdc = xx02.anu.edu.au
> kdc = xx03.anu.edu.au
> admin_server = xx01.anu.edu.au
> }
>
> [domain_realm]
> .xx.anu.edu.au = XX.ANU.EDU.AU
> xx.anu.edu.au = XX.ANU.EDU.AU
> .anu.edu.au = XX.ANU.EDU.AU
> anu.edu.au = XX.ANU.EDU.AU
>
>
> The "net ads join" commands have been run to add the machine to the AD
> domain and it was working fine prior to 3.0.25
>
=======================================
Robert Cohen
Systems & Desktop Services
Division of Information
R.G Menzies Building
Building 2
The Australian National University
Canberra ACT 0200 Australia
T: +61 2 6125 8389
F: +61 2 6125 7699
http://www.anu.edu.au
CRICOS Provider #00120C
=======================================