[Samba] Mac OS and interpretation of @ in a username. Ex user at mds.xyz doesn't work on Mac OS but does on Win 10

TomK tomkcpr at mdevsys.com
Fri Feb 21 19:20:08 UTC 2020 

:)



 > Am I missing something?  I don’t see where you are using the ‘@‘ 
symbol anywhere.
 > Mac is probably interpreting the parameters “valid users” and “write 
list" (correctly, I think ;-) as a LIST of 3 users: joe, at, mds.xyz or 
bob, at, mds.xyz.
 >
 > torch
 >

Full user is "joe at mds.xyz"  not just "joe".


Samba checks that the user exists.  So I have to specify a valid user be 
it AD, Local or Kerberos.  Otherwise Samba fails with a error that it 
can't find the user.


So when I type "joe at mds.xyz" as the user to login to Samba with in Win 
10, I login just fine.

On MAC, I type in "joe at mds.xyz" as the user and it apparently splits up 
the string into "joe" and "mds.xyz".  Seemingly this is correct since I 
guess it sees it as <user>@<server> instead of seeing the whole string 
("joe at mds.xyz") as a user.

Hoping this clarifies a bit?

Cheers,
TK


On 2/21/2020 8:09 AM, TomK via samba wrote:
> On 2/21/2020 12:52 AM, TomK via samba wrote:
>> Hey Guy's,
>>
>> When the user is 'joe at mds.xyz' login works fine on Win 10.  Same user 
>> types on a Mac OS gives
>>
>>
> 
> [2020/02/21 00:03:17.050984,  4, pid=12382, effective(0, 0), real(0, 0)] 
> ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
>    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2020/02/21 00:03:17.051095,  3, pid=12382, effective(0, 0), real(0, 0), 
> class=auth] ../source3/auth/check_samsec.c:399(check_sam_security)
>    check_sam_security: Couldn't find user 'joe' in passdb.
> [2020/02/21 00:03:17.051222,  5, pid=12382, effective(0, 0), real(0, 0), 
> class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password)
>    auth_check_ntlm_password: sam_ignoredomain authentication for user 
> [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051358,  2, pid=12382, effective(0, 0), real(0, 0), 
> class=auth] ../source3/auth/auth.c:332(auth_check_ntlm_password)
>    check_ntlm_password:  Authentication for user [joe] -> [joe] FAILED 
> with error NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051573,  2, pid=12382, effective(0, 0), real(0, 0)] 
> ../auth/auth_log.c:760(log_authentication_event_human_readable)
>    Auth: [SMB2,(null)] user [NFS03]\[joe] at [Fri, 21 Feb 2020 
> 00:03:17.051454 EST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] 
> workstation [JOHN-PC] remote host [ipv4:192.168.0.6:55405] mapped to 
> [NFS03]\[joe]. local host [ipv4:192.168.0.125:445]
> [2020/02/21 00:03:17.051751,  5, pid=12382, effective(0, 0), real(0, 0)] 
> ../source3/auth/auth_ntlmssp.c:199(auth3_check_password)
>    Checking NTLMSSP password for NFS03\joe failed: 
> NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051951,  5, pid=12382, effective(0, 0), real(0, 0)] 
> ../auth/ntlmssp/ntlmssp_server.c:751(ntlmssp_server_check_password)
>    ../auth/ntlmssp/ntlmssp_server.c:751: Checking NTLMSSP password for 
> NFS03\joe failed: NT_STATUS_NO_SUCH_USER
> [2020/02/21 00:03:17.052077,  2, pid=12382, effective(0, 0), real(0, 0)] 
> ../auth/gensec/spnego.c:605(gensec_spnego_server_negTokenTarg)
>    SPNEGO login failed: NT_STATUS_NO_SUCH_USER
> [2020/02/21 00:03:17.052226,  4, pid=12382, effective(0, 0), real(0, 0)] 
> ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
> 
> 
> Below is the mapping that happens when typing joe at mds.xyz in both cases. 
>   Login ultimately fails on the Macbook:
> 
>>
>>
>> [ Mac OS - Fails ]
>>
>> [2020/02/21 00:03:16.960566,  5, pid=12382, effective(0, 0), real(0, 
>> 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map)
>>    Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM]
>>
>>
>>
>> [ Win 10 - Works ]
>>
>>      [2020/02/20 23:58:01.059514,  5, pid=11929, effective(0, 0), 
>> real(0, 0), class=auth] 
>> ../source3/auth/auth_util.c:126(make_user_info_map)
>>    Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC]
>>
>>
>> User types in both cases is: joe at mds.xyz
>>
>> Apparetly the @ symbol is throwing things off.   Perhaps the Mac is 
>> interpreting joe at mds.xyz to mean user 'joe' at host 'mds.xyz', splits 
>> them up then fails to login?
>>
>> What could be the issue here?
>>
>>
> 
> 


-- 
Thx,
TK.

More information about the samba mailing list