We just migrated a small network from a Win2K PDC to Samba, using "net rpc vampire" into a tdbsam backend on a Samba 3.0.2a Linux box. One of the users, let's call him Jon Harker, had the NT username "JHarker". When we ran "pdbedit -v jharker", we saw this: Unix username: JHarker NT username: JHarker Well, that looks wrong - the NT username can be mixed case for all I care, but shouldn't the Unix name be all lower case? We changed jharker's /etc/passwd entry to "JHarker" and he was subsequently able to login. Since we didn't like that as a fix, we changed /etc/passwd back to all lower case and carefully edited the passdb.tdb in emacs (the binary editor of choice on Unix systems :-) to knock the mixed-case usernames into lower case, which also fixed the problem. Both of these users already had accounts (all lower case) in /etc/passwd before we ran "net rpc vampire". Other than this, the vampire process ran very smoothly. -- Ed
On Wed, 2004-03-24 at 22:34, Ed Ravin wrote:> We just migrated a small network from a Win2K PDC to Samba, using > "net rpc vampire" into a tdbsam backend on a Samba 3.0.2a Linux box. > > One of the users, let's call him Jon Harker, had the NT username "JHarker". > When we ran "pdbedit -v jharker", we saw this: > > Unix username: JHarker > NT username: JHarker > > Well, that looks wrong - the NT username can be mixed case for all I care, > but shouldn't the Unix name be all lower case? > > We changed jharker's /etc/passwd entry to "JHarker" and he was subsequently > able to login. Since we didn't like that as a fix, we changed /etc/passwd > back to all lower case and carefully edited the passdb.tdb in emacs (the > binary editor of choice on Unix systems :-) to knock the mixed-case usernames > into lower case, which also fixed the problem. > > Both of these users already had accounts (all lower case) in /etc/passwd > before we ran "net rpc vampire". > > Other than this, the vampire process ran very smoothly.---- This is a natural occurrence when you use mixed cases in Windows systems for user names. Windows is pretty much indifferent to the user name case but will store it as however it was typed originally when added to the sam. With a Windows logon controller, you could type jharker, JHARKER, JHarker or jhARKER and as long as you had the password correct, it would still successfully log in (yes the password is indeed case sensitive). As you know, Unix/Linux is very much case sensitive on all things such as files as well as users. On Linux/Unix, both JHarker and jharker could exist as separate users where on Windows, this wouldn't be allowed. It is the same with stored files... Test Document.doc is the same name as test document.doc on a Windows file server. but both files could exist happily in the same Unix directory without conflict. As for already having the user in /etc/passwd 'prior' to net rpc vampire...that's the reason that you didn't get an error when you did the vampire. Viva le difference... Craig
Ed Ravin wrote:>We just migrated a small network from a Win2K PDC to Samba, using >"net rpc vampire" into a tdbsam backend on a Samba 3.0.2a Linux box. > >One of the users, let's call him Jon Harker, had the NT username "JHarker". >When we ran "pdbedit -v jharker", we saw this: > > Unix username: JHarker > NT username: JHarker > >Well, that looks wrong - the NT username can be mixed case for all I care, >but shouldn't the Unix name be all lower case? > >We changed jharker's /etc/passwd entry to "JHarker" and he was subsequently >able to login. Since we didn't like that as a fix, we changed /etc/passwd >back to all lower case and carefully edited the passdb.tdb in emacs (the >binary editor of choice on Unix systems :-) to knock the mixed-case usernames >into lower case, which also fixed the problem. > >Both of these users already had accounts (all lower case) in /etc/passwd >before we ran "net rpc vampire". > >Other than this, the vampire process ran very smoothly. > > -- Ed > >Interesting. I remember have case sensitivity problems ( among others ) when using 'net rpc vampire' with 3.0.1-rc-something. Actually I had such a hard time that I decided to hold off until the process went a little smoother. Yeah I also remember hand-editing /etc/passwd entries ( sometimes unsucessfully - I rooted some guy's account good ! ). Have there been any bug fixes to the 'vampire' function since 3.0.1? While I understand the cause of the case sensitivity problems, I think this still needs more attention - perhaps all names should be forced to lower case? Lets just say that my previous experience didn't exactly inspire confidence in the system I was setting up - hence we are still on an NT4 domain controller. Anyway, since someone else had a 'very smooth' experience, maybe I was partly to blame. I'll give it another go when I get more time. -- Daniel Kasak IT Developer NUS Consulting Group Level 5, 77 Pacific Highway North Sydney, NSW, Australia 2060 T: (+61) 2 9922-7676 / F: (+61) 2 9922 7989 email: dkasak@nusconsulting.com.au website: http://www.nusconsulting.com.au
On Thu, 2004-03-25 at 16:34, Ed Ravin wrote:> We just migrated a small network from a Win2K PDC to Samba, using > "net rpc vampire" into a tdbsam backend on a Samba 3.0.2a Linux box. > > One of the users, let's call him Jon Harker, had the NT username "JHarker". > When we ran "pdbedit -v jharker", we saw this: > > Unix username: JHarker > NT username: JHarker > > Well, that looks wrong - the NT username can be mixed case for all I care, > but shouldn't the Unix name be all lower case?The rule I've been working with is that they must be in the same case. The reason is simple - it is a matter of performance. There were times that we allowed usernames to differ in case, but we make the lookup from passdb -> getpwnam() quite often, so I decided that as we always add the username in the 'right' case, and that we should trust that case when looking up users. (Looking up users in mixed case can cause 2+2^N getpwnam() lookups, where N is the value of 'username level'). Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040327/02e60eba/attachment.bin