[Samba] change in AD authentication behaviour since 3.0.24

Robert Cohen robert.cohen at anu.edu.au
Wed Feb 20 03:48:53 GMT 2008 



On 20/2/08 2:40 PM, "Trimble, Ronald D" <Ronald.Trimble at unisys.com> wrote:

> We recently submitted a bug for a similar problem, but winbind was not
> returning domain information correctly.
> https://bugzilla.samba.org/show_bug.cgi?id=5264

I'm not sure whether its the same problem as us.

BTW I should mention that we're simply not using winbind.
The behaviour I'm talking about is when an XP client machine attempts to
connect to our server to get a network share.

So winbind doesn't enter into the equation.



> 
> 
> -----Original Message-----
> From: Robert Cohen [mailto:robert.cohen at anu.edu.au]
> Sent: Tuesday, February 19, 2008 7:13 PM
> To: samba at lists.samba.org
> Subject: [Samba] change in AD authentication behaviour since 3.0.24
> 
> We have noticed a change in the way AD authentication behaves starting with
> 3.0.25. Ive been hoping it was a bug and someone would notice and fix it.
> But since its still there as of 3.0.28, I guess its a feature :-).
> 
> Anyway, our users on XP machines used to be able to authenticate against AD
> with just a username/password eg u1234567. But as of 3.0.25 they need to use
> a fully qualified username eg XX\u1234567 to authenticate.
> Otherwise it appears to be attempting to authenticate against the local
> machine.
> 
> 
> Is there some setting I can use to get the old behaviour back?
> Or is the old behaviour simply incorrect, and I'll just have to bite the
> bullet and re-educate our users. The hassle is that lots of them have canned
> scripts which they have been carting around forever which use the old
> behaviour.
> 
> Just in case theres something in my configuration which is causing the
> problem, the relevant bits are.
> 
>> From smb.conf
> 
> ; Security/authentication stuff
>   security = ADS
>   realm = XX.ANU.EDU.AU
>   password server = xx03.anu.edu.au
>   password level = 0
>   local master = no
>   domain master = no
>   encrypt passwords = yes
>   guest ok = no
> 
>> From krb5.conf
> [libdefaults]
>         default_realm = XX.ANU.EDU.AU
> 
> [realms]
>         XX.ANU.EDU.AU = {
>                 kdc = xx01.anu.edu.au
>                 kdc = xx02.anu.edu.au
>                 kdc = xx03.anu.edu.au
>                 admin_server = xx01.anu.edu.au
>         }
> 
> [domain_realm]
>         .xx.anu.edu.au = XX.ANU.EDU.AU
>         xx.anu.edu.au = XX.ANU.EDU.AU
>         .anu.edu.au = XX.ANU.EDU.AU
>         anu.edu.au = XX.ANU.EDU.AU
> 
> 
> The "net ads join" commands have been run to add the machine to the AD
> domain and it was working fine prior to 3.0.25
> 
> 
> 
> 
> 
> =======================================
> Robert Cohen
> Systems & Desktop Services
> Division of Information
> R.G Menzies Building
> Building 2
> The Australian National University
> Canberra ACT 0200 Australia
> 
> T: +61 2 6125 8389
> F: +61 2 6125 7699
> http://www.anu.edu.au
> 
> CRICOS Provider #00120C
> =======================================
> 
> 
> 

=======================================
Robert Cohen
Systems & Desktop Services
Division of Information
R.G Menzies Building
Building 2
The Australian National University
Canberra ACT 0200 Australia
 
T: +61 2 6125 8389
F: +61 2 6125 7699
http://www.anu.edu.au
 
CRICOS Provider #00120C
=======================================

More information about the samba mailing list