[Samba] Authentication questions with domain

Jean-Yves Avenard jyavenard at gmail.com
Wed Sep 8 01:32:45 MDT 2010

Hi there.

I have a FreeBSD server running Samba 3.3, connected to a domain whose
PDC is a MacOS 10.6 server running Samba 3.0.28 (ancient, I know).

It's all working fine, except for one thing I find annoying.

MacOS server has a concept of username aliases. You can have as many
aliases as you want; using any of those aliases is the same as using
the primary one.

It's rather well implemented in 10.6 server, and you can log on the
domain with any of those usernames.
\\server\homes would point to the same directory, no matter which of
the aliases you used.

On the FreeBSD server, however, which is on this domain, you can only
log in using the primary username.
If I try to log in using an alias, I get using smbclient session setup

I was under the impression that the authentication is always performed
against the PDC, so if it's fine with the PDC, it should be fine on
the client (and sure enough, with Windows, I can log in with any of the
aliases too).

For example:
One user
simon_russell, has 2 aliases: simonr and simon_russell.

server4# smbclient //server4/public -U simon_russell
Enter simon_russell's password:
Domain=[HYDRIX] OS=[Unix] Server=[Samba 3.3.9]

Fine so far.

server4# smbclient //server4/public -U simon.russell
Enter simon.russell's password:
session setup failed: NT_STATUS_LOGON_FAILURE

In the log of the PDC however, I see
When logging with an alias:

[2010/09/08 17:25:21, 2, pid=89576]
  check_ntlm_password:  authentication for user [simon.russell] ->
[simon.russell] -> [simon_russell] succeeded

when logging with the main username:
[2010/09/08 17:26:32, 2, pid=89576]
  check_ntlm_password:  authentication for user [simon_russell] ->
[simon_russell] -> [simon_russell] succeeded

As far as the PDC is concerned, the authentication in both cases was successful.

Yet, the samba client fails and reports an authentication failure...

The PDC is running OpenDirectory which is just an LDAP server...

Am I missing something? What could I do to allow users to log in using
any aliases?

Thank you
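
Added example (not part of the original post and not Samba code): a small parser for the PDC log excerpt above that rejoins the wrapped lines and flags logins where the name the client sent differs from the final account name. It assumes the three bracketed fields are, in order, the client-supplied name, the mapped name and the Unix account; the function names are made up for illustration.

```python
import re

# Constructed sample: the two PDC log records quoted in the post, including
# the line wrap that appears in the message.
SAMPLE_LOG = """\
[2010/09/08 17:25:21, 2, pid=89576]
  check_ntlm_password:  authentication for user [simon.russell] ->
[simon.russell] -> [simon_russell] succeeded
[2010/09/08 17:26:32, 2, pid=89576]
  check_ntlm_password:  authentication for user [simon_russell] ->
[simon_russell] -> [simon_russell] succeeded
"""

# Record header: "[date time, debuglevel, pid=N]". A wrapped continuation line
# can also start with "[", so the date pattern is what identifies a header.
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*\d+(?:,\s*pid=\d+)?\]")
# Assumption: fields are client-supplied name -> mapped name -> Unix account.
AUTH = re.compile(
    r"check_ntlm_password:\s+authentication for user "
    r"\[([^\]]*)\]\s*->\s*\[([^\]]*)\]\s*->\s*\[([^\]]*)\]\s+succeeded"
)

def parse_records(text):
    """Group a log into (timestamp, message) records, rejoining wrapped lines."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(1), [])
            records.append(current)
        elif current is not None and line.strip():
            current[1].append(line.strip())
    return [(ts, " ".join(parts)) for ts, parts in records]

def auth_successes(text):
    """Return one dict per successful check_ntlm_password record."""
    out = []
    for ts, msg in parse_records(text):
        m = AUTH.search(msg)
        if m:
            client, mapped, unix = m.groups()
            # alias=True: the PDC accepted a name other than the account name.
            out.append({"time": ts, "client": client, "mapped": mapped,
                        "unix": unix, "alias": client != unix})
    return out

if __name__ == "__main__":
    for r in auth_successes(SAMPLE_LOG):
        note = "alias resolved by PDC" if r["alias"] else "primary name"
        print(f'{r["time"]}  {r["client"]} -> {r["unix"]}  ({note})')
```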

