[Samba] winbind use default domain problem after upgrade
Perttu Aaltonen
perttu.aaltonen at mac.com
Thu Mar 11 12:12:13 UTC 2021
> On 10 Mar 2021, at 20.18, Perttu Aaltonen via samba <samba at lists.samba.org> wrote:
>
>
>> On 10. Mar 2021, at 19.21, Rowland penny via samba <samba at lists.samba.org> wrote:
>>
>> On 10/03/2021 16:46, Perttu Aaltonen via samba wrote:
>>> My assumption was that “winbind use default domain” affects the user mapping when they authenticate an SMB connection. So if the user hasn’t provided the domain part it will add the domain/workgroup part automatically. But now in my testing it seems that it doesn’t actually affect this. Setting it to ’no’ doesn’t block authenticating with only the username part and I can see in the log that “\user” is still mapped to “DOMAIN\user”.
>>>
>>> This is how it works for me in Samba 4.10.5. I’m trying to find the exact version where authenticating with only the username part breaks for me and while doing that I noticed this. That this parameter doesn’t appear to work the way I thought it would, meaning it affecting the mapping of the username to domain user.
>>
>>
>> OK, it doesn't matter how I try to connect or log in, I can use 'username' or 'DOMAIN\username' and it works for myself, from Linux to Linux, Windows to Linux. From the multiple 'fruit' lines, it is probably a good guess that you are using a Mac OS, so have you considered that this may in fact be a Mac problem ?
>>
>
> Actually macOS works fine, it’s Supermicro IPMI virtual media that has the problem. I’m trying to get it working again in recent Samba versions. It’s only capable of NTLMv1 so perhaps that’s the key here. In 4.10.5 it works but in 4.12 it doesn’t work anymore even after enabling NTLMv1 and looking at the log the difference is that in 4.10.5 username is mapped while 4.12 it isn’t mapped anymore with the error “NT_STATUS_NO_SUCH_USER". So here I thought that “winbind use default domain” was the issue but looks like I was mistaken.
>
> I’ll try to install Samba versions in between those two and see after which update it stops working.
I got a bit further with this and it actually isn’t related to the Samba version, but the Ubuntu version used. In Ubuntu 18.04 when using ‘user’ as the name it’s mapped to ‘DOMAIN\user’ correctly. But in Ubuntu 20.04 it is not mapped and I haven’t figured out why that is.
I found a workaround which is to use the username form ‘user at domain.com’ in the Supermicro IPMI and then the mapping works correctly. But would be good to find out the reason.
Any ideas why the mapping would work differently in different Linux versions?
-Perttu
More information about the samba
mailing list