Rowland penny
2021-Mar-10 17:21 UTC
[Samba] winbind use default domain problem after upgrade
On 10/03/2021 16:46, Perttu Aaltonen via samba wrote:> My assumption was that ?winbind use default domain? affects the user mapping when they authenticate an SMB connection. So if the user hasn?t provided the domain part it will add the domain/workgroup part automatically. But now in my testing it seems that it doesn?t actually affect this. Setting it to ?no? doesn?t block authenticating with only the username part and I can see in the log that ?\user? is still mapped to ?DOMAIN\user?. > > This is how it works for me in Samba 4.10.5. I?m trying to find the exact version where authenticating with only the username part breaks for me and while doing that I noticed this. That this parameter doesn?t appear to work the way I thought it would, meaning it affecting the mapping of the username to domain user.OK, it doesn't matter how I try to connect or log in, I can use 'username' or 'DOMAIN\username' and it works for myself, from Linux to Linux, Windows to Linux. From the multiple 'fruit' lines, it is probably a good guess that you are using a Mac OS, so have you considered that this may in fact be a Mac problem ? Rowland
Perttu Aaltonen
2021-Mar-10 18:18 UTC
[Samba] winbind use default domain problem after upgrade
> On 10. Mar 2021, at 19.21, Rowland penny via samba <samba at lists.samba.org> wrote: > > On 10/03/2021 16:46, Perttu Aaltonen via samba wrote: >> My assumption was that ?winbind use default domain? affects the user mapping when they authenticate an SMB connection. So if the user hasn?t provided the domain part it will add the domain/workgroup part automatically. But now in my testing it seems that it doesn?t actually affect this. Setting it to ?no? doesn?t block authenticating with only the username part and I can see in the log that ?\user? is still mapped to ?DOMAIN\user?. >> >> This is how it works for me in Samba 4.10.5. I?m trying to find the exact version where authenticating with only the username part breaks for me and while doing that I noticed this. That this parameter doesn?t appear to work the way I thought it would, meaning it affecting the mapping of the username to domain user. > > > OK, it doesn't matter how I try to connect or log in, I can use 'username' or 'DOMAIN\username' and it works for myself, from Linux to Linux, Windows to Linux. From the multiple 'fruit' lines, it is probably a good guess that you are using a Mac OS, so have you considered that this may in fact be a Mac problem ? >Actually macOS works fine, it?s Supermicro IPMI virtual media that has the problem. I?m trying to get it working again in recent Samba versions. It?s only capable of NTLMv1 so perhaps that?s the key here. In 4.10.5 it works but in 4.12 it doesn?t work anymore even after enabling NTLMv1 and looking at the log the difference is that in 4.10.5 username is mapped while 4.12 it isn?t mapped anymore with the error ?NT_STATUS_NO_SUCH_USER". So here I thought that ?winbind use default domain? was the issue but looks like I was mistaken. I?ll try to install Samba versions in between those two and see after which update it stops working. -Perttu