Hello List, I'm dealing with the following issue here: https://forum.zentyal.org/index.php?topic=25300.0 Although it starts with OpenChange, it ends with Samba4 so I very much hope that somebody on this list can help me out. Basically I try to authenticate users through the Outlook autoconfigurator using RPC-OVER-HTTP to a samba server. The problem is that in Samba4/LDAP I cannot have users with email address in their name so instead of: user at company1.com I can only create user_company1.com I don't detail it more because on the top link I have explained everything with pictures. So what I would like to know is how to REBIND the incoming user auth request into a new format if this is possible. auth_check_password_send: Checking password for unmapped user []\[user at company.com]@[sheep] [2015/06/19 11:04:28.601720, 2] ../source4/auth/ntlm/auth_util.c:91(map_user_info_cracknames) map_user_info: Cracknames of account 'user at company.com' -> DOMAIN_ONLY [2015/06/19 11:04:28.601864, 2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv) auth_check_password_recv: NO_METHOD authentication for user [(null)\(null)] FAILED with error NT_STATUS_NO_SUCH_USER [2015/06/19 11:04:28.602191, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection) Terminating connection - 'dcesrv: NT_STATUS_INVALID_PARAMETER' I realized that since the username:password is coming from windows already as a HASH, there is no modification what I can do on the rpcproxy. The only way to do what I need is to do this from Samba. This way when the checkbox comes up and the user enters the username at company.com email address and password everything should work fine after he is authenticated. Thank you!
Daniel Müller
2015-Jun-19 10:53 UTC
[Samba] Samba rebind user@email.com to user_email.com
Hello again, user at my.domain working for me with dovecot-imap/ exim ads samba4.1.17. Ex: hosts = my.ads.host:389 dn = cn=myuser ,cn=users,dc=my,dc=domain dnpass = secret auth_bind = yes ldap_version = 3 base = cn=Users,dc=my,dc=domain scope = subtree user_filter = (mail=%u) pass_filter = (mail=%u) pass_attrs = mail=%u,= userPassword=password You see the "user at my.domain" is set in the ads mail field with rsat. EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Martin Lund Gesendet: Freitag, 19. Juni 2015 12:24 An: samba at lists.samba.org Betreff: [Samba] Samba rebind user at email.com to user_email.com Hello List, I'm dealing with the following issue here: https://forum.zentyal.org/index.php?topic=25300.0 Although it starts with OpenChange, it ends with Samba4 so I very much hope that somebody on this list can help me out. Basically I try to authenticate users through the Outlook autoconfigurator using RPC-OVER-HTTP to a samba server. The problem is that in Samba4/LDAP I cannot have users with email address in their name so instead of: user at company1.com I can only create user_company1.com I don't detail it more because on the top link I have explained everything with pictures. So what I would like to know is how to REBIND the incoming user auth request into a new format if this is possible. auth_check_password_send: Checking password for unmapped user []\[user at company.com]@[sheep] [2015/06/19 11:04:28.601720, 2] ../source4/auth/ntlm/auth_util.c:91(map_user_info_cracknames) map_user_info: Cracknames of account 'user at company.com' -> DOMAIN_ONLY [2015/06/19 11:04:28.601864, 2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv) auth_check_password_recv: NO_METHOD authentication for user [(null)\(null)] FAILED with error NT_STATUS_NO_SUCH_USER [2015/06/19 11:04:28.602191, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection) Terminating connection - 'dcesrv: NT_STATUS_INVALID_PARAMETER' I realized that since the username:password is coming from windows already as a HASH, there is no modification what I can do on the rpcproxy. The only way to do what I need is to do this from Samba. This way when the checkbox comes up and the user enters the username at company.com email address and password everything should work fine after he is authenticated. Thank you! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Hello, The problem isn't that user at company.com is not accepted in Dovecot or Postfix (of course that these services accept email addresses as usernames). It is about Openchange which provides Autodiscovery/Calendar and many other full blown Micro$oft exchange protocol features... In the meantime I found a "username map" option of samba but unfortunately after multiple tests it seems to me that this is completely ignored when the authentication backend is LDAP. ? Sent:?Friday, June 19, 2015 at 12:53 PM From:?"Daniel M?ller" <mueller at tropenklinik.de> To:?"'Martin Lund'" <scsi7143 at gmx.com>, samba at lists.samba.org Subject:?Re: [Samba] Samba rebind user at email.com to user_email.com Hello again, user at my.domain working for me with dovecot-imap/ exim ads samba4.1.17. Ex: hosts = my.ads.host:389 dn = cn=myuser ,cn=users,dc=my,dc=domain dnpass = secret auth_bind = yes ldap_version = 3 base = cn=Users,dc=my,dc=domain scope = subtree user_filter = (mail=%u) pass_filter = (mail=%u) pass_attrs = mail=%u,= userPassword=password You see the "user at my.domain" is set in the ads mail field with rsat. EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de[http://www.tropenklinik.de] -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Martin Lund Gesendet: Freitag, 19. Juni 2015 12:24 An: samba at lists.samba.org Betreff: [Samba] Samba rebind user at email.com to user_email.com Hello List, I'm dealing with the following issue here: https://forum.zentyal.org/index.php?topic=25300.0[https://forum.zentyal.org/index.php?topic=25300.0] Although it starts with OpenChange, it ends with Samba4 so I very much hope that somebody on this list can help me out. Basically I try to authenticate users through the Outlook autoconfigurator using RPC-OVER-HTTP to a samba server. The problem is that in Samba4/LDAP I cannot have users with email address in their name so instead of: user at company1.com I can only create user_company1.com I don't detail it more because on the top link I have explained everything with pictures. So what I would like to know is how to REBIND the incoming user auth request into a new format if this is possible. auth_check_password_send: Checking password for unmapped user []\[user at company.com]@[sheep] [2015/06/19 11:04:28.601720, 2] ../source4/auth/ntlm/auth_util.c:91(map_user_info_cracknames) map_user_info: Cracknames of account 'user at company.com' -> DOMAIN_ONLY [2015/06/19 11:04:28.601864, 2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv) auth_check_password_recv: NO_METHOD authentication for user [(null)\(null)] FAILED with error NT_STATUS_NO_SUCH_USER [2015/06/19 11:04:28.602191, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection) Terminating connection - 'dcesrv: NT_STATUS_INVALID_PARAMETER' I realized that since the username:password is coming from windows already as a HASH, there is no modification what I can do on the rpcproxy. The only way to do what I need is to do this from Samba. This way when the checkbox comes up and the user enters the username at company.com email address and password everything should work fine after he is authenticated. Thank you! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba[https://lists.samba.org/mailman/options/samba] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba[https://lists.samba.org/mailman/options/samba]