[Samba] Authentication questions with domain
grantliddle at gmail.com
Wed Sep 8 10:56:01 MDT 2010
On Wed, Sep 8, 2010 at 12:32 AM, Jean-Yves Avenard <jyavenard at gmail.com>wrote:
> Hi there.
> I have a FreeBSD server running Samba 3.3, connected to a domain who's
> PDC is a MacOS 10.6 server running Samba 3.0.28 (ancient I know).
> Working all fine, except for one thing I find annoying.
> MacOS server has a concept of username alias. You can have as many
> aliases as you want, using any of those aliases are the same as using
> the primary one.
> It's rather well implemented in 10.6 server, and you can log on the
> domain with any of those usernames.
> \\server\homes would point to the same directory, no matter which of
> the aliases you used.
> On the FreeBSD server however, that is on this domain. You can only
> login using the primary username.
> If I try to login using an alias, I get using smbclient session setup
> failed: NT_STATUS_LOGON_FAILURE
> I was under the impression that the authentication is always performed
> against the PDC, so if it's fine with the PDC, if should be fine on
> the client (and sure enough, with Windows, I can login with any of the
> alias too).
> For example:
> One user
> simon_russell, has 2 aliases: simonr and simon_russell.
> server4# smbclient //server4/public -U simon_russell
> Enter simon_russell's password:
> Domain=[HYDRIX] OS=[Unix] Server=[Samba 3.3.9]
> Fine so far.
> server4# smbclient //server4/public -U simon.russell
> Enter simon.russell's password:
> session setup failed: NT_STATUS_LOGON_FAILURE
> In the log of the PDC however, I see
> When logging with an alias:
> [2010/09/08 17:25:21, 2, pid=89576]
> check_ntlm_password: authentication for user [simon.russell] ->
> [simon.russell] -> [simon_russell] succeeded
> when logging with the main username:
> [2010/09/08 17:26:32, 2, pid=89576]
> check_ntlm_password: authentication for user [simon_russell] ->
> [simon_russell] -> [simon_russell] succeeded
> As far as the PDC is concerned, the authentication in both case was
> Yet, the samba client fails and report an authentication failure...
> The PDC is running OpenDirectory which is just a LDAP server...
> Am I missing something? what could I do to allow users to login using
> any aliases?
> Thank you
nsswitch is using local auth first maybe?
More information about the samba