George Mamalakis
2010-Dec-01  11:10 UTC
[Samba] Domain-name appended into username when "selecting users or groups"
Dear all,

I am facing a peculiar situation:
on my smb.conf log level = 5, and on my windows machine I log on as a local administrator to add remote desktop users that are in fact domain users.
When my workgroup = SOMETHING, everything works fine. When I change my workgroup to: workgroup = example.com, and try to add a new remote desktop user, and set as an object name example.com\user and try to "check name", after I give the username and password I get the following error:

The following error occurred while using the user name (user@EXAMPLE.COM). and password you entered:
Logon failure: unknown user name or bad password.

Which is true, since on the samba server, on my machine log I get:
# grep -i user machine

Got user=[user@EXAMPLE.COM] domain=[] workstation=[MACHINE] len1=24 len2=24
Mapping user []\[user@EXAMPLE.COM] from workstation [MACHINE]
Mapped domain from [] to [EXAMPLE.COM] for user [user@EXAMPLE.COM] from workstation [MACHINE]
attempting to make a user_info for user@EXAMPLE.COM (user@EXAMPLE.COM)
making strings for user@EXAMPLE.COM's user_info struct
making blobs for user@EXAMPLE.COM's user_info struct
check_ntlm_password: Checking password for unmapped user []\[user@EXAMPLE.COM]@[MACHINE] with the new password interface
check_ntlm_password: mapped user is: [EXAMPLE.COM]\[user@EXAMPLE.COM]@[MACHINE]
smbldap_search_ext: base => [dc=ee,dc=auth,dc=gr], filter => [(&(uid=user@EXAMPLE.COM)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwnam: Unable to locate user [user@EXAMPLE.COM] count=0
check_sam_security: Couldn't find user 'user@EXAMPLE.COM' in passdb.
check_ntlm_password: sam authentication for user [user@EXAMPLE.COM] FAILED with error NT_STATUS_NO_SUCH_USER
check_ntlm_password: Authentication for user [user@EXAMPLE.COM] -> [user@EXAMPLE.COM] FAILED with error NT_STATUS_NO_SUCH_USER

which shows that domain=[] (it's empty), whereas in the normal case it should be: domain=[EXAMPLE.COM] (which is the case when I "simple login" from my client hosts).

To sum things up (and clarify them a bit):
- when workgroup = SOMETHING, login on to domain as well as "Select Users or Group" works like a charm.
- when workgroup = example.com, login on to domain works fine, "Select Users or Group" fails due to the aforementioned reason.

my server is a fbsd box (64bit):
# uname -a
FreeBSD filesrv.example.com 8.1-STABLE FreeBSD 8.1-STABLE #1: Mon Sep 20 13:33:27 EEST 2010 root@filesrv.example.com:/usr/obj/usr/src/sys/FILESRV amd64

and samba is installed from ports (version 3.4.9). Samba's backend is ldap, and both smb.conf's are *exactly* the same. The only difference is the workgroup directive (and the relevant directives in the smbldap-utils configuration file, which shouldn't make any difference).

I would be delighted if anyone could direct me to the right path.
I have not included my smb.conf files; if needed I will attach them "on demand" :) .

Thank you all for your time in advance,

mamalos

--
George Mamalakis
IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
George Mamalakis
2010-Dec-02  19:53 UTC
[Samba] Domain-name appended into username when "selecting users or groups"
On 01/12/2010 13:10, George Mamalakis wrote:
> Dear all,
>
> I am facing a peculiar situation:
> on my smb.conf log level = 5, and on my windows machine I log on as a
> local administrator to add remote desktop users that are in fact
> domain users.
> When my workgroup = SOMETHING, everything works fine. When I change my
> workgroup to: workgroup = example.com, and try to add a new remote
> desktop user, and set as an object name example.com\user and try to
> "check name", after I give the username and password I get the
> following error:
>
> The following error occurred while using the user name
> (user@EXAMPLE.COM). and password you entered:
> Logon failure: unknown user name or bad password.
>
> Which is true, since on the samba server, on my machine log I get:
> # grep -i user machine
>
> Got user=[user@EXAMPLE.COM] domain=[] workstation=[MACHINE] len1=24
> len2=24
> Mapping user []\[user@EXAMPLE.COM] from workstation [MACHINE]
> Mapped domain from [] to [EXAMPLE.COM] for user [user@EXAMPLE.COM]
> from workstation [MACHINE]
> attempting to make a user_info for user@EXAMPLE.COM (user@EXAMPLE.COM)
> making strings for user@EXAMPLE.COM's user_info struct
> making blobs for user@EXAMPLE.COM's user_info struct
> check_ntlm_password: Checking password for unmapped user
> []\[user@EXAMPLE.COM]@[MACHINE] with the new password interface
> check_ntlm_password: mapped user is:
> [EXAMPLE.COM]\[user@EXAMPLE.COM]@[MACHINE]
> smbldap_search_ext: base => [dc=ee,dc=auth,dc=gr], filter =>
> [(&(uid=user@EXAMPLE.COM)(objectclass=sambaSamAccount))], scope => [2]
> ldapsam_getsampwnam: Unable to locate user [user@EXAMPLE.COM] count=0
> check_sam_security: Couldn't find user 'user@EXAMPLE.COM' in passdb.
> check_ntlm_password: sam authentication for user [user@EXAMPLE.COM]
> FAILED with error NT_STATUS_NO_SUCH_USER
> check_ntlm_password: Authentication for user [user@EXAMPLE.COM] ->
> [user@EXAMPLE.COM] FAILED with error NT_STATUS_NO_SUCH_USER
>
> which shows that domain=[] (it's empty), whereas in the normal case it
> should be: domain=[EXAMPLE.COM] (which is the case when I "simple
> login" from my client hosts).
>
> To sum things up (and clarify them a bit):
> - when workgroup = SOMETHING, login on to domain as well as "Select
> Users or Group" works like a charm.
> - when workgroup = example.com, login on to domain works fine, "Select
> Users or Group" fails due to the aforementioned reason.
>
> my server is a fbsd box (64bit):
> # uname -a
> FreeBSD filesrv.example.com 8.1-STABLE FreeBSD 8.1-STABLE #1: Mon Sep
> 20 13:33:27 EEST 2010
> root@filesrv.example.com:/usr/obj/usr/src/sys/FILESRV amd64
>
> and samba is installed from ports (version 3.4.9). Samba's backend is
> ldap, and both smb.conf's are *exactly* the same. The only difference
> is the workgroup directive (and the relevant directives in the
> smbldap-utils configuration file, which shouldn't make any difference).
>
> I would be delighted if anyone could direct me to the right path.
> I have not included my smb.conf files; if needed I will attach them
> "on demand" :) .
>
> Thank you all for your time in advance,
>
> mamalos
>

guys? anybody?

--
George Mamalakis
IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
Chris Smith
2010-Dec-02  20:48 UTC
[Samba] Domain-name appended into username when "selecting users or groups"
On Wed, Dec 1, 2010 at 6:10 AM, George Mamalakis <mamalos at eng.auth.gr> wrote:
> When my workgroup = SOMETHING, everything works fine. When I change my
> workgroup to: workgroup = example.com

NetBIOS is a flat address space, not hierarchical. Use workgroup=EXAMPLE instead of workgroup=example.com.

See:
http://lists.samba.org/archive/samba/2010-June/156240.html
http://lists.samba.org/archive/samba/2010-June/156244.html
Chris Smith
2010-Dec-02  20:55 UTC
[Samba] Domain-name appended into username when "selecting users or groups"
On Thu, Dec 2, 2010 at 3:48 PM, Chris Smith <smb_77 at chrissmith.org> wrote:
> See:
> http://lists.samba.org/archive/samba/2010-June/156240.html
> http://lists.samba.org/archive/samba/2010-June/156244.html
George Mamalakis
2010-Dec-03  07:59 UTC
[Samba] Domain-name appended into username when "selecting users or groups"
On 02/12/2010 22:55, Chris Smith wrote:
> On Thu, Dec 2, 2010 at 3:48 PM, Chris Smith<smb_77 at chrissmith.org> wrote:
>> See:
>> http://lists.samba.org/archive/samba/2010-June/156240.html
>> http://lists.samba.org/archive/samba/2010-June/156244.html
> From the link in my post from June (http://support.microsoft.com/kb/909264):
> =========================
> Special characters
> Period (.).
>
> A period character separates the name into a NetBIOS scope identifier
> and the computer name. The NetBIOS scope identifier is an optional
> string of characters that identify logical NetBIOS networks that run
> on the same physical TCP/IP network. For NetBIOS to work between
> computers, the computers must have the same NetBIOS scope identifier
> and unique computer names.
> =========================
>
> Chris
>

Thank you very much for your answer.

--
George Mamalakis
IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
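
The two symptoms in this thread, a workgroup value containing a period and logons that arrive as user@REALM with an empty domain field, can be checked mechanically before and after changing smb.conf. The Python below is an added example, not code from the thread or from Samba; the function names and the sample smb.conf and log text are constructed for illustration, modelled on the lines quoted above.

```python
import re

# Constructed samples modelled on the thread (user names written with a literal "@").
SAMPLE_CONF = "[global]\n   workgroup = example.com\n   log level = 5\n"
SAMPLE_LOG = (
    "Got user=[user@EXAMPLE.COM] domain=[] workstation=[MACHINE] len1=24 len2=24\n"
    "check_ntlm_password: Authentication for user [user@EXAMPLE.COM] -> "
    "[user@EXAMPLE.COM] FAILED with error NT_STATUS_NO_SUCH_USER\n"
    "Got user=[user] domain=[SOMETHING] workstation=[MACHINE] len1=24 len2=24\n"
)

GOT_USER = re.compile(r"Got user=\[(?P<user>[^\]]*)\] domain=\[(?P<domain>[^\]]*)\]")


def workgroup_problems(conf_text):
    """Return the reasons the workgroup value is not a usable flat NetBIOS name."""
    problems = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # smb.conf parameter names ignore case and embedded whitespace.
        if "".join(key.lower().split()) != "workgroup":
            continue
        if "." in value:
            problems.append(f"{value!r}: a period separates a NetBIOS name from its scope")
        if len(value) > 15:
            problems.append(f"{value!r}: longer than the 15 characters of a NetBIOS name")
    return problems


def upn_logons_without_domain(log_text):
    """Return user names sent as user@REALM while the domain field was empty."""
    return [
        m.group("user")
        for m in GOT_USER.finditer(log_text)
        if m.group("domain") == "" and "@" in m.group("user")
    ]


if __name__ == "__main__":
    for problem in workgroup_problems(SAMPLE_CONF):
        print("smb.conf:", problem)
    for user in upn_logons_without_domain(SAMPLE_LOG):
        print("log: user@REALM logon with empty domain:", user)
```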