[Samba] Mac OS and interpretation of @ in a username. Ex user at mds.xyz doesn't work on Mac OS but does on Win 10
TomK
tomkcpr at mdevsys.com
Sat Feb 22 01:48:51 UTC 2020
On 2/21/2020 6:10 PM, TomK via samba wrote:
> On 2/21/2020 2:24 PM, Rowland penny via samba wrote:
>> On 21/02/2020 19:06, torch via samba wrote:
>>> Am I missing something? I don’t see where you are using the ‘@‘
>>> symbol anywhere.
>>> Mac is probably interpreting the parameters “valid users” and “write
>>> list" (correctly, I think ;-) as a LIST of 3 users: joe, at, mds.xyz
>>> or bob, at, mds.xyz.
>>>
>>> torch
>>
>> My question would be 'why is the OP trying to login using what appears
>> to be a UPN to something (standalone server) that doesn't use kerberos ?'
>>
>> More info required.
>>
>> Rowland
>>
>>
>>
> Valid question.
>
>
> The target server, let's call it nfs03.nix.mds.xyz shares a path via
> both CIFS and NFS. The said server, nfs03, is Kerberized via SSSD to a
> set of FreeIPA servers. The FreeIPA servers in turn have a trust with
> the AD DC domain mds.xyz .
>
> nfs03 <-> FreeIPA <-> AD DC
>
> So joe at mds.xyz is an AD user presented via FreeIPA on nfs03.
>
> [root at nfs03 samba]# id joe at mds.xyz
> uid=166602204(joe at mds.xyz) gid=166602204(joe at mds.xyz)
> groups=166602204(joe at mds.xyz),1843300089(domain-users)
> [root at nfs03 samba]#
>
> Running
>
> id joe
>
> doesn't work of course. Doesn't exist. mds.xyz is the AD domain.
> There are other domains and other users on those different domains, such
> as drew at nix.mds.xyz, who doesn't exist in AD and is only local to Linux
> servers. We also need to distinguish a user1 at mds.xyz vs a
> user1 at nix.mds.xyz for example. So need to use the domain, at least for now.
>
> Using joe won't work in samba since it checks the OS to verify the user
> exists. So need to use joe at mds.xyz however Samba, rightly so, splits
> this string up into what it thinks is the user, 'joe' and host
> 'mds.xyz'. I'm looking for a way to suppress this so it doesn't split
> up joe at mds.xyz .
Therefore, yes, UPN.
>
>
> "Sadly this really appears to be a client issue. You see there the
> string Samba gets, so by the time Samba tries to process it the @ is
> already interpreted and the string split.
>
> Sorry!
>
> Andrew Bartlett"
>
> Yeah, wondering if there is a way to tell Samba NOT to split that up and
> treat joe at mds.xyz as a single user. This works fine in Win 10 so I
> agree, it's probably a client SMB configuration issue but would like to
> know exactly what that config issue is.
>
+ or what parameters I could change to ensure the string isn't split up.
--
Thx,
TK.