TomK
2020-Feb-21  05:52 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
Hey Guy's,
When the user is 'joe at mds.xyz' login works fine on Win 10.  Same user
types on a Mac OS gives
[ Mac OS - Fails ]
[2020/02/21 00:03:16.960566,  5, pid=12382, effective(0, 0), real(0, 0), 
class=auth] ../source3/auth/auth_util.c:126(make_user_info_map)
   Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM]
[ Win 10 - Works ]
	[2020/02/20 23:58:01.059514,  5, pid=11929, effective(0, 0), real(0, 
0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map)
   Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC]
User types in both cases is: joe at mds.xyz
Apparetly the @ symbol is throwing things off.   Perhaps the Mac is 
interpreting joe at mds.xyz to mean user 'joe' at host
'mds.xyz', splits
them up then fails to login?
What could be the issue here?
-- 
Thx,
TK.
# cat /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
         workgroup = SAMBA
         security = user
         passdb backend = tdbsam
         printing = cups
         printcap name = cups
         load printers = yes
         cups options = raw
         log level = 4
         max protocol = SMB3
         min protocol = NT1
         local master = no
         realm = *
[homes]
         comment = Home Directories
         valid users = %S, %D%w%S
         browseable = No
         read only = No
         inherit acls = Yes
[printers]
         comment = All Printers
         path = /var/tmp
         printable = Yes
         create mask = 0600
         browseable = No
[NFS-bob]
         comment = NFS Shared Storage - bob
         path = /n/mds.xyz/bob
         valid users = bob at mds.xyz
         public = no
         writable = yes
         read only = no
         browseable = yes
         guest ok = no
         printable = no
         write list = bob at mds.xyz
         directory mask = 0775
         create mask = 664
[NFS-joe]
         comment = NFS Shared Storage - joe
         path = /n/mds.xyz/joe
         valid users = joe at mds.xyz
         public = no
         writable = yes
         read only = no
         browseable = yes
         guest ok = yes
         printable = no
         write list = joe at mds.xyz
         directory mask = 0775
         create mask = 664
[NFS-root]
         comment = NFS Shared Storage - root
         path = /n
         valid users = root
         public = no
         writable = yes
         read only = no
         browseable = yes
         guest ok = no
         printable = no
         write list = root
         directory mask = 0775
         create mask = 664
[print$]
         comment = Printer Drivers
         path = /var/lib/samba/drivers
         write list = @printadmin root
         force group = @printadmin
         create mask = 0664
         directory mask = 0775
#
TomK
2020-Feb-21  13:09 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
On 2/21/2020 12:52 AM, TomK via samba wrote:> Hey Guy's, > > When the user is 'joe at mds.xyz' login works fine on Win 10.? Same user > types on a Mac OS gives > >[2020/02/21 00:03:17.050984, 4, pid=12382, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2020/02/21 00:03:17.051095, 3, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'joe' in passdb. [2020/02/21 00:03:17.051222, 5, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password) auth_check_ntlm_password: sam_ignoredomain authentication for user [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 [2020/02/21 00:03:17.051358, 2, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:332(auth_check_ntlm_password) check_ntlm_password: Authentication for user [joe] -> [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 [2020/02/21 00:03:17.051573, 2, pid=12382, effective(0, 0), real(0, 0)] ../auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [NFS03]\[joe] at [Fri, 21 Feb 2020 00:03:17.051454 EST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [JOHN-PC] remote host [ipv4:192.168.0.6:55405] mapped to [NFS03]\[joe]. local host [ipv4:192.168.0.125:445] [2020/02/21 00:03:17.051751, 5, pid=12382, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:199(auth3_check_password) Checking NTLMSSP password for NFS03\joe failed: NT_STATUS_NO_SUCH_USER, authoritative=1 [2020/02/21 00:03:17.051951, 5, pid=12382, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:751(ntlmssp_server_check_password) ../auth/ntlmssp/ntlmssp_server.c:751: Checking NTLMSSP password for NFS03\joe failed: NT_STATUS_NO_SUCH_USER [2020/02/21 00:03:17.052077, 2, pid=12382, effective(0, 0), real(0, 0)] ../auth/gensec/spnego.c:605(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_SUCH_USER [2020/02/21 00:03:17.052226, 4, pid=12382, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) Below is the mapping that happens when typing joe at mds.xyz in both cases. Login ultimately fails on the Macbook:> > > [ Mac OS - Fails ] > > [2020/02/21 00:03:16.960566,? 5, pid=12382, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > ? Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM] > > > > [ Win 10 - Works ] > > ????[2020/02/20 23:58:01.059514,? 5, pid=11929, effective(0, 0), > real(0, 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > ? Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC] > > > User types in both cases is: joe at mds.xyz > > Apparetly the @ symbol is throwing things off.?? Perhaps the Mac is > interpreting joe at mds.xyz to mean user 'joe' at host 'mds.xyz', splits > them up then fails to login? > > What could be the issue here? > >-- Thx, TK.
TomK
2020-Feb-21  19:20 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
:)
 > Am I missing something?  I don?t see where you are using the ?@? 
symbol anywhere.
 > Mac is probably interpreting the parameters ?valid users? and ?write 
list" (correctly, I think ;-) as a LIST of 3 users: joe, at, mds.xyz or 
bob, at, mds.xyz.
 >
 > torch
 >
Full user is "joe at mds.xyz"  not just "joe".
Samba checks that the user exists.  So I have to specify a valid user be 
it AD, Local or Kerberos.  Otherwise Samba fails with a error that it 
can't find the user.
So when I type "joe at mds.xyz" as the user to login to Samba with in
Win
10, I login just fine.
On MAC, I type in "joe at mds.xyz" as the user and it apparently
splits up
the string into "joe" and "mds.xyz".  Seemingly this is
correct since I
guess it sees it as <user>@<server> instead of seeing the whole
string
("joe at mds.xyz") as a user.
Hoping this clarifies a bit?
Cheers,
TK
On 2/21/2020 8:09 AM, TomK via samba wrote:> On 2/21/2020 12:52 AM, TomK via samba wrote:
>> Hey Guy's,
>>
>> When the user is 'joe at mds.xyz' login works fine on Win 10.?
Same user
>> types on a Mac OS gives
>>
>>
> 
> [2020/02/21 00:03:17.050984,? 4, pid=12382, effective(0, 0), real(0, 0)] 
> ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
>  ? pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2020/02/21 00:03:17.051095,? 3, pid=12382, effective(0, 0), real(0, 0), 
> class=auth] ../source3/auth/check_samsec.c:399(check_sam_security)
>  ? check_sam_security: Couldn't find user 'joe' in passdb.
> [2020/02/21 00:03:17.051222,? 5, pid=12382, effective(0, 0), real(0, 0), 
> class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password)
>  ? auth_check_ntlm_password: sam_ignoredomain authentication for user 
> [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051358,? 2, pid=12382, effective(0, 0), real(0, 0), 
> class=auth] ../source3/auth/auth.c:332(auth_check_ntlm_password)
>  ? check_ntlm_password:? Authentication for user [joe] -> [joe] FAILED 
> with error NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051573,? 2, pid=12382, effective(0, 0), real(0, 0)] 
> ../auth/auth_log.c:760(log_authentication_event_human_readable)
>  ? Auth: [SMB2,(null)] user [NFS03]\[joe] at [Fri, 21 Feb 2020 
> 00:03:17.051454 EST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] 
> workstation [JOHN-PC] remote host [ipv4:192.168.0.6:55405] mapped to 
> [NFS03]\[joe]. local host [ipv4:192.168.0.125:445]
> [2020/02/21 00:03:17.051751,? 5, pid=12382, effective(0, 0), real(0, 0)] 
> ../source3/auth/auth_ntlmssp.c:199(auth3_check_password)
>  ? Checking NTLMSSP password for NFS03\joe failed: 
> NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051951,? 5, pid=12382, effective(0, 0), real(0, 0)] 
> ../auth/ntlmssp/ntlmssp_server.c:751(ntlmssp_server_check_password)
>  ? ../auth/ntlmssp/ntlmssp_server.c:751: Checking NTLMSSP password for 
> NFS03\joe failed: NT_STATUS_NO_SUCH_USER
> [2020/02/21 00:03:17.052077,? 2, pid=12382, effective(0, 0), real(0, 0)] 
> ../auth/gensec/spnego.c:605(gensec_spnego_server_negTokenTarg)
>  ? SPNEGO login failed: NT_STATUS_NO_SUCH_USER
> [2020/02/21 00:03:17.052226,? 4, pid=12382, effective(0, 0), real(0, 0)] 
> ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
> 
> 
> Below is the mapping that happens when typing joe at mds.xyz in both cases.
>  ?Login ultimately fails on the Macbook:
> 
>>
>>
>> [ Mac OS - Fails ]
>>
>> [2020/02/21 00:03:16.960566,? 5, pid=12382, effective(0, 0), real(0, 
>> 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map)
>> ?? Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM]
>>
>>
>>
>> [ Win 10 - Works ]
>>
>> ?????[2020/02/20 23:58:01.059514,? 5, pid=11929, effective(0, 0), 
>> real(0, 0), class=auth] 
>> ../source3/auth/auth_util.c:126(make_user_info_map)
>> ?? Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC]
>>
>>
>> User types in both cases is: joe at mds.xyz
>>
>> Apparetly the @ symbol is throwing things off.?? Perhaps the Mac is 
>> interpreting joe at mds.xyz to mean user 'joe' at host
'mds.xyz', splits
>> them up then fails to login?
>>
>> What could be the issue here?
>>
>>
> 
> 
-- 
Thx,
TK.
Andrew Bartlett
2020-Feb-21  19:36 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
On Fri, 2020-02-21 at 00:52 -0500, TomK via samba wrote:> Hey Guy's, > > When the user is 'joe at mds.xyz' login works fine on Win 10. Same user > types on a Mac OS gives > > > > > [ Mac OS - Fails ] > > [2020/02/21 00:03:16.960566, 5, pid=12382, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM] > > > > [ Win 10 - Works ] > > [2020/02/20 23:58:01.059514, 5, pid=11929, effective(0, 0), real(0, > 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC] > > > User types in both cases is: joe at mds.xyz > > Apparetly the @ symbol is throwing things off. Perhaps the Mac is > interpreting joe at mds.xyz to mean user 'joe' at host 'mds.xyz', splits > them up then fails to login? > > What could be the issue here?Sadly this really appears to be is a client issue. You see there the string Samba gets, so by the time Samba tries the process it the @ is already interpreted and the string split. Sorry! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Apparently Analagous Threads
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10