torch
2020-Feb-21 19:06 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
Am I missing something? I don't see where you are using the '@' symbol anywhere.
Mac is probably interpreting the parameters "valid users" and "write list" (correctly, I think ;-) as a LIST of 3 users: joe, at, mds.xyz or bob, at, mds.xyz.

torch
Rowland penny
2020-Feb-21 19:24 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
On 21/02/2020 19:06, torch via samba wrote:
> Am I missing something? I don't see where you are using the '@' symbol anywhere.
> Mac is probably interpreting the parameters "valid users" and "write list" (correctly, I think ;-) as a LIST of 3 users: joe, at, mds.xyz or bob, at, mds.xyz.
>
> torch

My question would be 'why is the OP trying to login using what appears to be a UPN to something (standalone server) that doesn't use kerberos ?'

More info required.

Rowland
TomK
2020-Feb-21 23:10 UTC
[Samba] Mac OS and interpretation of @ in a username. Ex user@mds.xyz doesn't work on Mac OS but does on Win 10
On 2/21/2020 2:24 PM, Rowland penny via samba wrote:
> On 21/02/2020 19:06, torch via samba wrote:
>> Am I missing something? I don't see where you are using the '@'
>> symbol anywhere.
>> Mac is probably interpreting the parameters "valid users" and "write
>> list" (correctly, I think ;-) as a LIST of 3 users: joe, at, mds.xyz
>> or bob, at, mds.xyz.
>>
>> torch
>
> My question would be 'why is the OP trying to login using what appears
> to be a UPN to something (standalone server) that doesn't use kerberos ?'
>
> More info required.
>
> Rowland

Valid question. The target server, let's call it nfs03.nix.mds.xyz, shares a path via both CIFS and NFS. The said server, nfs03, is Kerberized via SSSD to a set of FreeIPA servers. The FreeIPA servers in turn have a trust with the AD DC domain mds.xyz .

nfs03 <-> FreeIPA <-> AD DC

So joe at mds.xyz is an AD user presented via FreeIPA on nfs03.

[root at nfs03 samba]# id joe at mds.xyz
uid=166602204(joe at mds.xyz) gid=166602204(joe at mds.xyz) groups=166602204(joe at mds.xyz),1843300089(domain-users)
[root at nfs03 samba]#

Running id joe doesn't work of course. Doesn't exist. mds.xyz is the AD domain. There are other domains and other users on those different domains, such as drew at nix.mds.xyz, who doesn't exist in AD and is only local to Linux servers. We also need to distinguish a user1 at mds.xyz vs a user1 at nix.mds.xyz for example. So need to use the domain, at least for now.

Using joe won't work in samba since it checks the OS to verify the user exists. So need to use joe at mds.xyz however Samba, rightly so, splits this string up into what it thinks is the user, 'joe' and host 'mds.xyz'. I'm looking for a way to suppress this so it doesn't split up joe at mds.xyz .

"Sadly this really appears to be a client issue. You see there the string Samba gets, so by the time Samba tries to process it the @ is already interpreted and the string split. Sorry!

Andrew Bartlett"

Yeah, wondering if there is a way to tell Samba NOT to split that up and treat joe at mds.xyz as a single user. This works fine in Win 10 so I agree, it's probably a client SMB configuration issue but would like to know exactly what that config issue is.

--
Thx, TK.