Samba doesn't allow connections from usernames that have & in them. For example, using 2.2.5 and winbind with security = DOMAIN password server = win2kmixed workgroup = MIXEDDOMAIN all my users can login, (for example MIXEDDOMAIN+aho, MIXEDDOMAIN+tdickson), but my users named "&" and "bobalso&" (which should be MIXEDDOMAIN+& and MIXEDDOMAIN+bobalso&) don't work. The log.win2kclient file indicates that samba has changed & to _. (I.E, unable to connect for user _ or user bobalso_, which won't work because it can't validate those users with the domain controller (windows 2000), because they don't exist. Is there anyway to work around this? If this sounds too convoluted, let me know. I can add smb.conf files and log files, but I think the problem is samba changing & to _ before processing the login request. Thank you, Tom Dickson
Good night, I am inexperienced but I am facing countless problems with WINBIND + it DANCES THE SAMBA + NT2k. WINBIND began to work alone after countless attempts. The times I turn off the file smbpasswd and give in before I don't get more to enter in the directories of the SAMBA. Even with the wbinfo -g coming back the users' groups, do I only get to do to enter (the times) done users create by the smbpasswd when it works. did That happen with you? -----Mensagem original----- De: samba-bounces+facatena=surson.com.br@lists.samba.org [mailto:samba-bounces+facatena=surson.com.br@lists.samba.org] Em nome de Tom Dickson Enviada em: quarta-feira, 19 de mar?o de 2003 17:06 Para: samba mailing list Assunto: [Samba] WINBIND with usernames with & Samba doesn't allow connections from usernames that have & in them. For example, using 2.2.5 and winbind with security = DOMAIN password server = win2kmixed workgroup = MIXEDDOMAIN all my users can login, (for example MIXEDDOMAIN+aho, MIXEDDOMAIN+tdickson), but my users named "&" and "bobalso&" (which should be MIXEDDOMAIN+& and MIXEDDOMAIN+bobalso&) don't work. The log.win2kclient file indicates MIXEDDOMAIN+that samba has changed & to _. (I.E, unable to connect for user _ or user bobalso_, which won't work because it can't validate those users with the domain controller (windows 2000), because they don't exist. Is there anyway to work around this? If this sounds too convoluted, let me know. I can add smb.conf files and log files, but I think the problem is samba changing & to _ before processing the login request. Thank you, Tom Dickson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.463 / Virus Database: 262 - Release Date: 17/3/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.463 / Virus Database: 262 - Release Date: 17/3/2003
On Thu, 2003-03-20 at 07:06, Tom Dickson wrote:> Samba doesn't allow connections from usernames that have & in them. For > example, using 2.2.5 and winbind with > > security = DOMAIN > password server = win2kmixed > workgroup = MIXEDDOMAIN > > all my users can login, (for example MIXEDDOMAIN+aho, MIXEDDOMAIN+tdickson), > but my users named "&" and "bobalso&" (which should be MIXEDDOMAIN+& and > MIXEDDOMAIN+bobalso&) don't work. The log.win2kclient file indicates that > samba has changed & to _. (I.E, unable to connect for user _ or user > bobalso_, which won't work because it can't validate those users with the > domain controller (windows 2000), because they don't exist. > > Is there anyway to work around this? > > If this sounds too convoluted, let me know. I can add smb.conf files and log > files, but I think the problem is samba changing & to _ before processing > the login request.This isn't actually a winbind problem, but an issue of Samba's paranoia. Samba does not trust that you are not trying to cause a %U substitution in smb.conf to go 'werid'. (Like what happened to people who used 'log file = log.%m' before 2.2.1a). See posts like http://samba.cadcamlab.org/lists/samba-ntdom/Dec2001/msg00060.html You could add & to your list there. I've 'fixed' this in 3.0, by only doing this paranoid check for %U - all other uses of the username are direct off-the-wire (charset conversion only). Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030330/8b3abea4/attachment.bin