[Samba] Samba rebind user at email.com to user_email.com

Martin Lund scsi7143 at gmx.com
Fri Jun 19 07:21:22 MDT 2015


Hello,

The problem isn't that user at company.com is not accepted in Dovecot or Postfix (of course these services accept email addresses as usernames). It is about OpenChange, which provides Autodiscovery/Calendar and many other full-blown Micro$oft Exchange protocol features...


In the meantime I found a "username map" option of samba but unfortunately after multiple tests it seems to me that this is completely ignored when the authentication backend is LDAP. 


 

Sent: Friday, June 19, 2015 at 12:53 PM
From: "Daniel Müller" <mueller at tropenklinik.de>
To: "'Martin Lund'" <scsi7143 at gmx.com>, samba at lists.samba.org
Subject: Re: [Samba] Samba rebind user at email.com to user_email.com
Hello again,

user at my.domain is working for me with dovecot-imap/exim ads samba4.1.17.

Ex:

hosts = my.ads.host:389
dn = cn=myuser,cn=users,dc=my,dc=domain
dnpass = secret

auth_bind = yes
ldap_version = 3

base = cn=Users,dc=my,dc=domain
scope = subtree
user_filter = (mail=%u)
pass_filter = (mail=%u)
pass_attrs = mail=%u,userPassword=password

As you see, "user at my.domain" is set in the ADS mail field with RSAT.





EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de



-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of Martin Lund
Sent: Friday, June 19, 2015 12:24
To: samba at lists.samba.org
Subject: [Samba] Samba rebind user at email.com to user_email.com

Hello List,

I'm dealing with the following issue here:

https://forum.zentyal.org/index.php?topic=25300.0

Although it starts with OpenChange, it ends with Samba4 so I very much hope
that somebody on this list can help me out.

Basically I try to authenticate users through the Outlook autoconfigurator
using RPC-OVER-HTTP to a Samba server. The problem is that in Samba4/LDAP I
cannot have users with an email address in their name so instead of:

user at company1.com

I can only create

user_company1.com

I won't detail it further because at the link above I have explained everything
with pictures. So what I would like to know is how to REBIND the incoming
user auth request into a new format if this is possible.

auth_check_password_send: Checking password for unmapped user
[]\[user at company.com]@[sheep]
[2015/06/19 11:04:28.601720, 2]
../source4/auth/ntlm/auth_util.c:91(map_user_info_cracknames)
map_user_info: Cracknames of account 'user at company.com' -> DOMAIN_ONLY
[2015/06/19 11:04:28.601864, 2]
../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
auth_check_password_recv: NO_METHOD authentication for user
[(null)\(null)] FAILED with error NT_STATUS_NO_SUCH_USER
[2015/06/19 11:04:28.602191, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_INVALID_PARAMETER'

I realized that since the username:password is coming from Windows already
as a HASH, there is no modification that I can make on the rpcproxy. The only
way to do what I need is to do this from Samba.

This way when the checkbox comes up and the user enters the
username at company.com email address and password everything should work fine
after he is authenticated.


Thank you!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
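
Added example, not part of the original thread or of Samba's code: the FAILED record in the log excerpt above names the user only as (null)\(null), so this Python sketch pairs each failure with the Cracknames record logged just before it to list which e-mail-style logon names were rejected. The sample log is constructed from the excerpt (with "@" restored and one placeholder account added), the function names are hypothetical, and pairing by adjacency assumes the records of different connections are not interleaved.

```python
import re

# Constructed sample based on the post's excerpt; 'other@company.com' is a placeholder.
SAMPLE_LOG = r"""
[2015/06/19 11:04:28.601720, 2]
../source4/auth/ntlm/auth_util.c:91(map_user_info_cracknames)
map_user_info: Cracknames of account 'user@company.com' -> DOMAIN_ONLY
[2015/06/19 11:04:28.601864, 2]
../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
auth_check_password_recv: NO_METHOD authentication for user
[(null)\(null)] FAILED with error NT_STATUS_NO_SUCH_USER
[2015/06/19 11:07:41.118305, 2]
../source4/auth/ntlm/auth_util.c:91(map_user_info_cracknames)
map_user_info: Cracknames of account 'other@company.com' -> DOMAIN_ONLY
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+\]\s*(.*)$")
CRACK = re.compile(r"Cracknames of account '([^']*)' -> (\w+)")
FAILED = re.compile(r"FAILED with error (NT_STATUS_\w+)")

def records(text):
    """Yield (timestamp, body); body rejoins lines wrapped after the header."""
    ts, parts = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if ts is not None:
                yield ts, " ".join(parts)
            ts, parts = m.group(1), [m.group(2)]
        elif ts is not None and line.strip():
            parts.append(line.strip())
    if ts is not None:
        yield ts, " ".join(parts)

def failed_email_logons(text):
    """Pair each FAILED record with the Cracknames record before it (adjacency assumed)."""
    pending, hits = None, []
    for ts, body in records(text):
        crack, fail = CRACK.search(body), FAILED.search(body)
        if crack:
            pending = (ts, crack.group(1), crack.group(2))
        elif fail and pending:
            if "@" in pending[1]:  # report only e-mail-style logon names
                hits.append(pending + (fail.group(1),))
            pending = None
    return hits

if __name__ == "__main__":
    for hit in failed_email_logons(SAMPLE_LOG):
        print(*hit, sep="  ")
```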
