TomK
2020-Feb-21 05:52 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
Hey Guy's,
When the user is 'joe at mds.xyz' login works fine on Win 10. Same user
types on a Mac OS gives
[ Mac OS - Fails ]
[2020/02/21 00:03:16.960566, 5, pid=12382, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth_util.c:126(make_user_info_map)
Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM]
[ Win 10 - Works ]
[2020/02/20 23:58:01.059514, 5, pid=11929, effective(0, 0), real(0,
0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map)
Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC]
User types in both cases is: joe at mds.xyz
Apparetly the @ symbol is throwing things off. Perhaps the Mac is
interpreting joe at mds.xyz to mean user 'joe' at host
'mds.xyz', splits
them up then fails to login?
What could be the issue here?
--
Thx,
TK.
# cat /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
log level = 4
max protocol = SMB3
min protocol = NT1
local master = no
realm = *
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[NFS-bob]
comment = NFS Shared Storage - bob
path = /n/mds.xyz/bob
valid users = bob at mds.xyz
public = no
writable = yes
read only = no
browseable = yes
guest ok = no
printable = no
write list = bob at mds.xyz
directory mask = 0775
create mask = 664
[NFS-joe]
comment = NFS Shared Storage - joe
path = /n/mds.xyz/joe
valid users = joe at mds.xyz
public = no
writable = yes
read only = no
browseable = yes
guest ok = yes
printable = no
write list = joe at mds.xyz
directory mask = 0775
create mask = 664
[NFS-root]
comment = NFS Shared Storage - root
path = /n
valid users = root
public = no
writable = yes
read only = no
browseable = yes
guest ok = no
printable = no
write list = root
directory mask = 0775
create mask = 664
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
#
TomK
2020-Feb-21 13:09 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
On 2/21/2020 12:52 AM, TomK via samba wrote:> Hey Guy's, > > When the user is 'joe at mds.xyz' login works fine on Win 10.? Same user > types on a Mac OS gives > >[2020/02/21 00:03:17.050984, 4, pid=12382, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2020/02/21 00:03:17.051095, 3, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'joe' in passdb. [2020/02/21 00:03:17.051222, 5, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password) auth_check_ntlm_password: sam_ignoredomain authentication for user [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 [2020/02/21 00:03:17.051358, 2, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:332(auth_check_ntlm_password) check_ntlm_password: Authentication for user [joe] -> [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 [2020/02/21 00:03:17.051573, 2, pid=12382, effective(0, 0), real(0, 0)] ../auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [NFS03]\[joe] at [Fri, 21 Feb 2020 00:03:17.051454 EST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [JOHN-PC] remote host [ipv4:192.168.0.6:55405] mapped to [NFS03]\[joe]. local host [ipv4:192.168.0.125:445] [2020/02/21 00:03:17.051751, 5, pid=12382, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:199(auth3_check_password) Checking NTLMSSP password for NFS03\joe failed: NT_STATUS_NO_SUCH_USER, authoritative=1 [2020/02/21 00:03:17.051951, 5, pid=12382, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:751(ntlmssp_server_check_password) ../auth/ntlmssp/ntlmssp_server.c:751: Checking NTLMSSP password for NFS03\joe failed: NT_STATUS_NO_SUCH_USER [2020/02/21 00:03:17.052077, 2, pid=12382, effective(0, 0), real(0, 0)] ../auth/gensec/spnego.c:605(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_SUCH_USER [2020/02/21 00:03:17.052226, 4, pid=12382, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) Below is the mapping that happens when typing joe at mds.xyz in both cases. Login ultimately fails on the Macbook:> > > [ Mac OS - Fails ] > > [2020/02/21 00:03:16.960566,? 5, pid=12382, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > ? Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM] > > > > [ Win 10 - Works ] > > ????[2020/02/20 23:58:01.059514,? 5, pid=11929, effective(0, 0), > real(0, 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > ? Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC] > > > User types in both cases is: joe at mds.xyz > > Apparetly the @ symbol is throwing things off.?? Perhaps the Mac is > interpreting joe at mds.xyz to mean user 'joe' at host 'mds.xyz', splits > them up then fails to login? > > What could be the issue here? > >-- Thx, TK.
TomK
2020-Feb-21 19:20 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
:)
> Am I missing something? I don?t see where you are using the ?@?
symbol anywhere.
> Mac is probably interpreting the parameters ?valid users? and ?write
list" (correctly, I think ;-) as a LIST of 3 users: joe, at, mds.xyz or
bob, at, mds.xyz.
>
> torch
>
Full user is "joe at mds.xyz" not just "joe".
Samba checks that the user exists. So I have to specify a valid user be
it AD, Local or Kerberos. Otherwise Samba fails with a error that it
can't find the user.
So when I type "joe at mds.xyz" as the user to login to Samba with in
Win
10, I login just fine.
On MAC, I type in "joe at mds.xyz" as the user and it apparently
splits up
the string into "joe" and "mds.xyz". Seemingly this is
correct since I
guess it sees it as <user>@<server> instead of seeing the whole
string
("joe at mds.xyz") as a user.
Hoping this clarifies a bit?
Cheers,
TK
On 2/21/2020 8:09 AM, TomK via samba wrote:> On 2/21/2020 12:52 AM, TomK via samba wrote:
>> Hey Guy's,
>>
>> When the user is 'joe at mds.xyz' login works fine on Win 10.?
Same user
>> types on a Mac OS gives
>>
>>
>
> [2020/02/21 00:03:17.050984,? 4, pid=12382, effective(0, 0), real(0, 0)]
> ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
> ? pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2020/02/21 00:03:17.051095,? 3, pid=12382, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/check_samsec.c:399(check_sam_security)
> ? check_sam_security: Couldn't find user 'joe' in passdb.
> [2020/02/21 00:03:17.051222,? 5, pid=12382, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password)
> ? auth_check_ntlm_password: sam_ignoredomain authentication for user
> [joe] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051358,? 2, pid=12382, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:332(auth_check_ntlm_password)
> ? check_ntlm_password:? Authentication for user [joe] -> [joe] FAILED
> with error NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051573,? 2, pid=12382, effective(0, 0), real(0, 0)]
> ../auth/auth_log.c:760(log_authentication_event_human_readable)
> ? Auth: [SMB2,(null)] user [NFS03]\[joe] at [Fri, 21 Feb 2020
> 00:03:17.051454 EST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER]
> workstation [JOHN-PC] remote host [ipv4:192.168.0.6:55405] mapped to
> [NFS03]\[joe]. local host [ipv4:192.168.0.125:445]
> [2020/02/21 00:03:17.051751,? 5, pid=12382, effective(0, 0), real(0, 0)]
> ../source3/auth/auth_ntlmssp.c:199(auth3_check_password)
> ? Checking NTLMSSP password for NFS03\joe failed:
> NT_STATUS_NO_SUCH_USER, authoritative=1
> [2020/02/21 00:03:17.051951,? 5, pid=12382, effective(0, 0), real(0, 0)]
> ../auth/ntlmssp/ntlmssp_server.c:751(ntlmssp_server_check_password)
> ? ../auth/ntlmssp/ntlmssp_server.c:751: Checking NTLMSSP password for
> NFS03\joe failed: NT_STATUS_NO_SUCH_USER
> [2020/02/21 00:03:17.052077,? 2, pid=12382, effective(0, 0), real(0, 0)]
> ../auth/gensec/spnego.c:605(gensec_spnego_server_negTokenTarg)
> ? SPNEGO login failed: NT_STATUS_NO_SUCH_USER
> [2020/02/21 00:03:17.052226,? 4, pid=12382, effective(0, 0), real(0, 0)]
> ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
>
>
> Below is the mapping that happens when typing joe at mds.xyz in both cases.
> ?Login ultimately fails on the Macbook:
>
>>
>>
>> [ Mac OS - Fails ]
>>
>> [2020/02/21 00:03:16.960566,? 5, pid=12382, effective(0, 0), real(0,
>> 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map)
>> ?? Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM]
>>
>>
>>
>> [ Win 10 - Works ]
>>
>> ?????[2020/02/20 23:58:01.059514,? 5, pid=11929, effective(0, 0),
>> real(0, 0), class=auth]
>> ../source3/auth/auth_util.c:126(make_user_info_map)
>> ?? Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC]
>>
>>
>> User types in both cases is: joe at mds.xyz
>>
>> Apparetly the @ symbol is throwing things off.?? Perhaps the Mac is
>> interpreting joe at mds.xyz to mean user 'joe' at host
'mds.xyz', splits
>> them up then fails to login?
>>
>> What could be the issue here?
>>
>>
>
>
--
Thx,
TK.
Andrew Bartlett
2020-Feb-21 19:36 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
On Fri, 2020-02-21 at 00:52 -0500, TomK via samba wrote:> Hey Guy's, > > When the user is 'joe at mds.xyz' login works fine on Win 10. Same user > types on a Mac OS gives > > > > > [ Mac OS - Fails ] > > [2020/02/21 00:03:16.960566, 5, pid=12382, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM] > > > > [ Win 10 - Works ] > > [2020/02/20 23:58:01.059514, 5, pid=11929, effective(0, 0), real(0, > 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map) > Mapping user []\[joe at mds.xyz] from workstation [JOHN-PC] > > > User types in both cases is: joe at mds.xyz > > Apparetly the @ symbol is throwing things off. Perhaps the Mac is > interpreting joe at mds.xyz to mean user 'joe' at host 'mds.xyz', splits > them up then fails to login? > > What could be the issue here?Sadly this really appears to be is a client issue. You see there the string Samba gets, so by the time Samba tries the process it the @ is already interpreted and the string split. Sorry! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Possibly Parallel Threads
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
- Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10