TomK
2020-Feb-21 05:52 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
Hey Guy's, When the user is 'joe at mds.xyz' login works fine on Win 10. Same user types on a Mac OS gives [ Mac OS - Fails ] [2020/02/21 00:03:16.960566, 5, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM] [ Win 10 - Works ] [2020/02/20 23:58:01.059514, 5, pid=11929, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC] User types in both cases is: joe at mds.xyz Apparetly the @ symbol is throwing things off. Perhaps the Mac is interpreting joe at mds.xyz to mean user 'joe' at host 'mds.xyz', splits them up then fails to login? What could be the issue here? -- Thx, TK. # cat /etc/samba/smb.conf # See smb.conf.example for a more detailed config file or # read the smb.conf manpage. # Run 'testparm' to verify the config is correct after # you modified it. [global] workgroup = SAMBA security = user passdb backend = tdbsam printing = cups printcap name = cups load printers = yes cups options = raw log level = 4 max protocol = SMB3 min protocol = NT1 local master = no realm = * [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [NFS-bob] comment = NFS Shared Storage - bob path = /n/mds.xyz/bob valid users = bob at mds.xyz public = no writable = yes read only = no browseable = yes guest ok = no printable = no write list = bob at mds.xyz directory mask = 0775 create mask = 664 [NFS-joe] comment = NFS Shared Storage - joe path = /n/mds.xyz/joe valid users = joe at mds.xyz public = no writable = yes read only = no browseable = yes guest ok = yes printable = no write list = joe at mds.xyz directory mask = 0775 create mask = 664 [NFS-root] comment = NFS Shared Storage - root path = /n valid users = root public = no writable = yes read only = no browseable = yes guest ok = no printable = no write list = root directory mask = 0775 create mask = 664 [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @printadmin root force group = @printadmin create mask = 0664 directory mask = 0775 #
TomK
2020-Feb-21 13:09 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
On 2/21/2020 12:52 AM, TomK via samba wrote:> Hey Guy's, > > When the user is 'joe at mds.xyz' login works fine on Win 10.? Same user > types on a Mac OS gives > >[2020/02/21 00:03:17.050984, 4, pid=12382, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2020/02/21 00:03:17.051095, 3, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'joe' in passdb. [2020/02/21 00:03:17.051222, 5, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password) auth_check_ntlm_password: sam_ignoredomain authentication for user [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 [2020/02/21 00:03:17.051358, 2, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:332(auth_check_ntlm_password) check_ntlm_password: Authentication for user [joe] -> [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 [2020/02/21 00:03:17.051573, 2, pid=12382, effective(0, 0), real(0, 0)] ../auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [NFS03]\[joe] at [Fri, 21 Feb 2020 00:03:17.051454 EST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [JOHN-PC] remote host [ipv4:192.168.0.6:55405] mapped to [NFS03]\[joe]. local host [ipv4:192.168.0.125:445] [2020/02/21 00:03:17.051751, 5, pid=12382, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:199(auth3_check_password) Checking NTLMSSP password for NFS03\joe failed: NT_STATUS_NO_SUCH_USER, authoritative=1 [2020/02/21 00:03:17.051951, 5, pid=12382, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:751(ntlmssp_server_check_password) ../auth/ntlmssp/ntlmssp_server.c:751: Checking NTLMSSP password for NFS03\joe failed: NT_STATUS_NO_SUCH_USER [2020/02/21 00:03:17.052077, 2, pid=12382, effective(0, 0), real(0, 0)] ../auth/gensec/spnego.c:605(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_SUCH_USER [2020/02/21 00:03:17.052226, 4, pid=12382, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) Below is the mapping that happens when typing joe at mds.xyz in both cases. Login ultimately fails on the Macbook:> > > [ Mac OS - Fails ] > > [2020/02/21 00:03:16.960566,? 5, pid=12382, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > ? Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM] > > > > [ Win 10 - Works ] > > ????[2020/02/20 23:58:01.059514,? 5, pid=11929, effective(0, 0), > real(0, 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > ? Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC] > > > User types in both cases is: joe at mds.xyz > > Apparetly the @ symbol is throwing things off.?? Perhaps the Mac is > interpreting joe at mds.xyz to mean user 'joe' at host 'mds.xyz', splits > them up then fails to login? > > What could be the issue here? > >-- Thx, TK.
TomK
2020-Feb-21 19:20 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
:) > Am I missing something? I don?t see where you are using the ?@? symbol anywhere. > Mac is probably interpreting the parameters ?valid users? and ?write list" (correctly, I think ;-) as a LIST of 3 users: joe, at, mds.xyz or bob, at, mds.xyz. > > torch > Full user is "joe at mds.xyz" not just "joe". Samba checks that the user exists. So I have to specify a valid user be it AD, Local or Kerberos. Otherwise Samba fails with a error that it can't find the user. So when I type "joe at mds.xyz" as the user to login to Samba with in Win 10, I login just fine. On MAC, I type in "joe at mds.xyz" as the user and it apparently splits up the string into "joe" and "mds.xyz". Seemingly this is correct since I guess it sees it as <user>@<server> instead of seeing the whole string ("joe at mds.xyz") as a user. Hoping this clarifies a bit? Cheers, TK On 2/21/2020 8:09 AM, TomK via samba wrote:> On 2/21/2020 12:52 AM, TomK via samba wrote: >> Hey Guy's, >> >> When the user is 'joe at mds.xyz' login works fine on Win 10.? Same user >> types on a Mac OS gives >> >> > > [2020/02/21 00:03:17.050984,? 4, pid=12382, effective(0, 0), real(0, 0)] > ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > ? pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2020/02/21 00:03:17.051095,? 3, pid=12382, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/check_samsec.c:399(check_sam_security) > ? check_sam_security: Couldn't find user 'joe' in passdb. > [2020/02/21 00:03:17.051222,? 5, pid=12382, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password) > ? auth_check_ntlm_password: sam_ignoredomain authentication for user > [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 > [2020/02/21 00:03:17.051358,? 2, pid=12382, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/auth.c:332(auth_check_ntlm_password) > ? check_ntlm_password:? Authentication for user [joe] -> [joe] FAILED > with error NT_STATUS_NO_SUCH_USER, authoritative=1 > [2020/02/21 00:03:17.051573,? 2, pid=12382, effective(0, 0), real(0, 0)] > ../auth/auth_log.c:760(log_authentication_event_human_readable) > ? Auth: [SMB2,(null)] user [NFS03]\[joe] at [Fri, 21 Feb 2020 > 00:03:17.051454 EST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] > workstation [JOHN-PC] remote host [ipv4:192.168.0.6:55405] mapped to > [NFS03]\[joe]. local host [ipv4:192.168.0.125:445] > [2020/02/21 00:03:17.051751,? 5, pid=12382, effective(0, 0), real(0, 0)] > ../source3/auth/auth_ntlmssp.c:199(auth3_check_password) > ? Checking NTLMSSP password for NFS03\joe failed: > NT_STATUS_NO_SUCH_USER, authoritative=1 > [2020/02/21 00:03:17.051951,? 5, pid=12382, effective(0, 0), real(0, 0)] > ../auth/ntlmssp/ntlmssp_server.c:751(ntlmssp_server_check_password) > ? ../auth/ntlmssp/ntlmssp_server.c:751: Checking NTLMSSP password for > NFS03\joe failed: NT_STATUS_NO_SUCH_USER > [2020/02/21 00:03:17.052077,? 2, pid=12382, effective(0, 0), real(0, 0)] > ../auth/gensec/spnego.c:605(gensec_spnego_server_negTokenTarg) > ? SPNEGO login failed: NT_STATUS_NO_SUCH_USER > [2020/02/21 00:03:17.052226,? 4, pid=12382, effective(0, 0), real(0, 0)] > ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > > > Below is the mapping that happens when typing joe at mds.xyz in both cases. > ?Login ultimately fails on the Macbook: > >> >> >> [ Mac OS - Fails ] >> >> [2020/02/21 00:03:16.960566,? 5, pid=12382, effective(0, 0), real(0, >> 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) >> ?? Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM] >> >> >> >> [ Win 10 - Works ] >> >> ?????[2020/02/20 23:58:01.059514,? 5, pid=11929, effective(0, 0), >> real(0, 0), class=auth] >> ../source3/auth/auth_util.c:126(make_user_info_map) >> ?? Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC] >> >> >> User types in both cases is: joe at mds.xyz >> >> Apparetly the @ symbol is throwing things off.?? Perhaps the Mac is >> interpreting joe at mds.xyz to mean user 'joe' at host 'mds.xyz', splits >> them up then fails to login? >> >> What could be the issue here? >> >> > >-- Thx, TK.
Andrew Bartlett
2020-Feb-21 19:36 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
On Fri, 2020-02-21 at 00:52 -0500, TomK via samba wrote:> Hey Guy's, > > When the user is 'joe at mds.xyz' login works fine on Win 10. Same user > types on a Mac OS gives > > > > > [ Mac OS - Fails ] > > [2020/02/21 00:03:16.960566, 5, pid=12382, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM] > > > > [ Win 10 - Works ] > > [2020/02/20 23:58:01.059514, 5, pid=11929, effective(0, 0), real(0, > 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC] > > > User types in both cases is: joe at mds.xyz > > Apparetly the @ symbol is throwing things off. Perhaps the Mac is > interpreting joe at mds.xyz to mean user 'joe' at host 'mds.xyz', splits > them up then fails to login? > > What could be the issue here?Sadly this really appears to be is a client issue. You see there the string Samba gets, so by the time Samba tries the process it the @ is already interpreted and the string split. Sorry! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Possibly Parallel Threads
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10