[Samba] Authentication questions with domain

grant little grantliddle at gmail.com
Wed Sep 8 10:56:01 MDT 2010 

On Wed, Sep 8, 2010 at 12:32 AM, Jean-Yves Avenard <jyavenard at gmail.com>wrote:

> Hi there.
>
> I have a FreeBSD server running Samba 3.3, connected to a domain who's
> PDC is a MacOS 10.6 server running Samba 3.0.28 (ancient I know).
>
> Working all fine, except for one thing I find annoying.
>
> MacOS server has a concept of username alias. You can have as many
> aliases as you want, using any of those aliases are the same as using
> the primary one.
>
> It's rather well implemented in 10.6 server, and you can log on the
> domain with any of those usernames.
> \\server\homes would point to the same directory, no matter which of
> the aliases you used.
>
> On the FreeBSD server however, that is on this domain. You can only
> login using the primary username.
> If I try to login using an alias, I get using smbclient session setup
> failed: NT_STATUS_LOGON_FAILURE
>
> I was under the impression that the authentication is always performed
> against the PDC, so if it's fine with the PDC, if should be fine on
> the client (and sure enough, with Windows, I can login with any of the
> alias too).
>
> For example:
> One user
> simon_russell, has 2 aliases: simonr and simon_russell.
>
> server4# smbclient //server4/public -U simon_russell
> Enter simon_russell's password:
> Domain=[HYDRIX] OS=[Unix] Server=[Samba 3.3.9]
>
> Fine so far.
> However,
>
> server4# smbclient //server4/public -U simon.russell
> Enter simon.russell's password:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> In the log of the PDC however, I see
> When logging with an alias:
>
> [2010/09/08 17:25:21, 2, pid=89576]
>
> /SourceCache/samba/samba-235.4/samba/source/auth/auth.c:check_ntlm_password(309)
>  check_ntlm_password:  authentication for user [simon.russell] ->
> [simon.russell] -> [simon_russell] succeeded
>
> when logging with the main username:
> [2010/09/08 17:26:32, 2, pid=89576]
>
> /SourceCache/samba/samba-235.4/samba/source/auth/auth.c:check_ntlm_password(309)
>  check_ntlm_password:  authentication for user [simon_russell] ->
> [simon_russell] -> [simon_russell] succeeded
>
>
> As far as the PDC is concerned, the authentication in both case was
> successful.
>
> Yet, the samba client fails and report an authentication failure...
>
> The PDC is running OpenDirectory which is just a LDAP server...
>
> Am I missing something? what could I do to allow users to login using
> any aliases?
>
> Thank you
> Jean-Yves
>  <https://lists.samba.org/mailman/options/samba>


nsswitch is using local auth first maybe?

More information about the samba mailing list