[Samba] Samba rebind user at email.com to user_email.com

Daniel Müller mueller at tropenklinik.de
Fri Jun 19 04:53:53 MDT 2015


Hello again,

user at my.domain is working for me with dovecot-imap/exim, ADS, Samba 4.1.17.

Ex:

hosts = my.ads.host:389
dn = cn=myuser ,cn=users,dc=my,dc=domain
dnpass = secret

auth_bind = yes
ldap_version = 3

base = cn=Users,dc=my,dc=domain
scope = subtree
user_filter = (mail=%u)
pass_filter = (mail=%u)
pass_attrs = mail=%u,= userPassword=password

You see, the "user at my.domain" is set in the ADS mail field with RSAT.





IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de 



-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of Martin Lund
Sent: Friday, 19 June 2015 12:24
To: samba at lists.samba.org
Subject: [Samba] Samba rebind user at email.com to user_email.com

Hello List,

I'm dealing with the following issue here:

https://forum.zentyal.org/index.php?topic=25300.0

Although it starts with OpenChange, it ends with Samba4 so I very much hope
that somebody on this list can help me out.

Basically I try to authenticate users through the Outlook autoconfigurator
using RPC-OVER-HTTP to a Samba server. The problem is that in Samba4/LDAP I
cannot have users with an email address in their name, so instead of:

 user at company1.com

I can only create

 user_company1.com

I won't detail it further because at the link above I have explained everything
with pictures. So what I would like to know is how to REBIND the incoming
user auth request into a new format, if this is possible.

  auth_check_password_send: Checking password for unmapped user []\[user at company.com]@[sheep]
[2015/06/19 11:04:28.601720,  2] ../source4/auth/ntlm/auth_util.c:91(map_user_info_cracknames)
  map_user_info: Cracknames of account 'user at company.com' -> DOMAIN_ONLY
[2015/06/19 11:04:28.601864,  2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
  auth_check_password_recv: NO_METHOD authentication for user [(null)\(null)] FAILED with error NT_STATUS_NO_SUCH_USER
[2015/06/19 11:04:28.602191,  3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'dcesrv: NT_STATUS_INVALID_PARAMETER'

I realized that since the username:password is coming from Windows already
as a HASH, there is no modification that I can do on the rpcproxy. The only
way to do what I need is to do this from Samba.

This way, when the checkbox comes up and the user enters the
username at company.com email address and password, everything should work fine
after he is authenticated.


Thank you!