[Samba] Mac OS and interpretation of @ in a username. Ex user at mds.xyz doesn't work on Mac OS but does on Win 10
TomK
tomkcpr at mdevsys.com
Fri Feb 21 19:20:08 UTC 2020
:)
> Am I missing something? I don’t see where you are using the ‘@‘
symbol anywhere.
> Mac is probably interpreting the parameters “valid users” and “write
list" (correctly, I think ;-) as a LIST of 3 users: joe, at, mds.xyz or
bob, at, mds.xyz.
>
> torch
>
Full user is "joe at mds.xyz" not just "joe".
Samba checks that the user exists. So I have to specify a valid user be
it AD, Local or Kerberos. Otherwise Samba fails with a error that it
can't find the user.
So when I type "joe at mds.xyz" as the user to login to Samba with in Win
10, I login just fine.
On MAC, I type in "joe at mds.xyz" as the user and it apparently splits up
the string into "joe" and "mds.xyz". Seemingly this is correct since I
guess it sees it as <user>@<server> instead of seeing the whole string
("joe at mds.xyz") as a user.
Hoping this clarifies a bit?
Cheers,
TK
On 2/21/2020 8:09 AM, TomK via samba wrote:
> On 2/21/2020 12:52 AM, TomK via samba wrote:
>> Hey Guy's,
>>
>> When the user is 'joe at mds.xyz' login works fine on Win 10. Same user
>> types on a Mac OS gives
>>
>>
>
> [2020/02/21 00:03:17.050984, 4, pid=12382, effective(0, 0), real(0, 0)]
> ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2020/02/21 00:03:17.051095, 3, pid=12382, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/check_samsec.c:399(check_sam_security)
> check_sam_security: Couldn't find user 'joe' in passdb.
> [2020/02/21 00:03:17.051222, 5, pid=12382, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password)
> auth_check_ntlm_password: sam_ignoredomain authentication for user
> [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051358, 2, pid=12382, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:332(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [joe] -> [joe] FAILED
> with error NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051573, 2, pid=12382, effective(0, 0), real(0, 0)]
> ../auth/auth_log.c:760(log_authentication_event_human_readable)
> Auth: [SMB2,(null)] user [NFS03]\[joe] at [Fri, 21 Feb 2020
> 00:03:17.051454 EST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER]
> workstation [JOHN-PC] remote host [ipv4:192.168.0.6:55405] mapped to
> [NFS03]\[joe]. local host [ipv4:192.168.0.125:445]
> [2020/02/21 00:03:17.051751, 5, pid=12382, effective(0, 0), real(0, 0)]
> ../source3/auth/auth_ntlmssp.c:199(auth3_check_password)
> Checking NTLMSSP password for NFS03\joe failed:
> NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051951, 5, pid=12382, effective(0, 0), real(0, 0)]
> ../auth/ntlmssp/ntlmssp_server.c:751(ntlmssp_server_check_password)
> ../auth/ntlmssp/ntlmssp_server.c:751: Checking NTLMSSP password for
> NFS03\joe failed: NT_STATUS_NO_SUCH_USER
> [2020/02/21 00:03:17.052077, 2, pid=12382, effective(0, 0), real(0, 0)]
> ../auth/gensec/spnego.c:605(gensec_spnego_server_negTokenTarg)
> SPNEGO login failed: NT_STATUS_NO_SUCH_USER
> [2020/02/21 00:03:17.052226, 4, pid=12382, effective(0, 0), real(0, 0)]
> ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
>
>
> Below is the mapping that happens when typing joe at mds.xyz in both cases.
> Login ultimately fails on the Macbook:
>
>>
>>
>> [ Mac OS - Fails ]
>>
>> [2020/02/21 00:03:16.960566, 5, pid=12382, effective(0, 0), real(0,
>> 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map)
>> Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM]
>>
>>
>>
>> [ Win 10 - Works ]
>>
>> [2020/02/20 23:58:01.059514, 5, pid=11929, effective(0, 0),
>> real(0, 0), class=auth]
>> ../source3/auth/auth_util.c:126(make_user_info_map)
>> Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC]
>>
>>
>> User types in both cases is: joe at mds.xyz
>>
>> Apparetly the @ symbol is throwing things off. Perhaps the Mac is
>> interpreting joe at mds.xyz to mean user 'joe' at host 'mds.xyz', splits
>> them up then fails to login?
>>
>> What could be the issue here?
>>
>>
>
>
--
Thx,
TK.
More information about the samba
mailing list