Hi, On Tue, Jun 2, 2015 at 11:34 PM, Jeremy Allison <jra at samba.org> wrote:> So we really should work in this case. Can you recap what > isn't working ? >Thank you! Added a Samba Domain Controller (4.1.17-Debian) to a Microsoft Windows 2003-based Active Directory (had to upgrade the Schema Version, if this is important I can gather that information). User Account Information got replicated.When I disconnected the Windows Server most Clients (Windows 7) did work -- except those with blanks in the username. Tests (adding/removing) blanks to the names made the problem reproducible (removed the blank from an exising account with blanks -> login did work. Reintroduced the blank -> login did not work). With a Linux Client kinit did work (with or without blanks in usernames). The Samba Server is currently disconnected from the network (as it prevents clients from login), but can be reactivated if needed. cheers, Andreas -- GPG-Key-Id: DD436203 Github: https://github.com/andreashappe Linked-In: http://at.linkedin.com/in/andreashappe
On Wed, Jun 03, 2015 at 02:24:08PM +0200, Andreas Happe wrote:> Hi, > > On Tue, Jun 2, 2015 at 11:34 PM, Jeremy Allison <jra at samba.org> wrote: > > > So we really should work in this case. Can you recap what > > isn't working ? > > > > Thank you! > > Added a Samba Domain Controller (4.1.17-Debian) to a Microsoft Windows > 2003-based Active Directory (had to upgrade the Schema Version, if this is > important I can gather that information). > > User Account Information got replicated.When I disconnected the Windows > Server most Clients (Windows 7) did work -- except those with blanks in the > username. Tests (adding/removing) blanks to the names made the problem > reproducible (removed the blank from an exising account with blanks -> > login did work. Reintroduced the blank -> login did not work). > > With a Linux Client kinit did work (with or without blanks in usernames). > > The Samba Server is currently disconnected from the network (as it prevents > clients from login), but can be reactivated if needed.OK, can you do a quick test for me first ? Join a Samba member server to the 2003-AD domain, and check that Windows users with spaces in their names can access shares on that box. Thanks ! Jeremy.
On Wed, 2015-06-03 at 14:24 +0200, Andreas Happe wrote:> Hi, > > On Tue, Jun 2, 2015 at 11:34 PM, Jeremy Allison <jra at samba.org> wrote: > > > So we really should work in this case. Can you recap what > > isn't working ? > > > > Thank you! > > Added a Samba Domain Controller (4.1.17-Debian) to a Microsoft Windows > 2003-based Active Directory (had to upgrade the Schema Version, if this is > important I can gather that information). > > User Account Information got replicated.When I disconnected the Windows > Server most Clients (Windows 7) did work -- except those with blanks in the > username. Tests (adding/removing) blanks to the names made the problem > reproducible (removed the blank from an exising account with blanks -> > login did work. Reintroduced the blank -> login did not work). > > With a Linux Client kinit did work (with or without blanks in usernames). > > The Samba Server is currently disconnected from the network (as it prevents > clients from login), but can be reactivated if needed.Some logs and network traces would be very interesting. This really should just work, we go to quite some lengths *not* to look into the username for anything important in the AD DC, we base everything on the SID. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Hi, On Mon, Jun 8, 2015 at 5:26 AM, Andrew Bartlett <abartlet at samba.org> wrote:> Some logs and network traces would be very interesting. This really > should just work, we go to quite some lengths *not* to look into the > username for anything important in the AD DC, we base everything on the > SID. >Any preferences how to get them? I am not sure if my client would like to see his name, etc. in a public mailing list and would either "censor" the logs or send them to you in private. cheers, Andreas Happe