It's unclear whether or not this has been broken for a long time or not, but in Samba 4.10, this doesn't work. source3/winbindd/winbindd_irpc.c - wb_irpc_SamLogon Returns NT_STATUS_REQUEST_NOT_ACCEPTED for non-UPN bind DNs (due to a missing target domain). There appears to be crude handling of UPNs in wb_irpc_SamLogon which allows these to be forwarded onto winbind, however, there are some minor issues in winbind which prevent the authentication from succeeding (still). How to correct the non-UPN DN bind isn't exactly clear currently. Somewhere in the stack, the name needs to be re-cracked, or the mapped name needs to be plumbed through (possibly with a flag).
Created attachment 15032 [details] Test that fails currently Here is a quick attempt at a test, note that this uses the standard user DN (there probably needs to be a test using the UPN). I'm not sure that this test actually works properly (and will work once simple binds are fixed), but at least it shows that this fails.
This bug was referenced in samba master: a30a7626254c863f95b98c97ea46ff54b98078ad 90754591a7e4d5a3af70c01425930f4ec063c516 5a3214c99048a88b0a9f509e3b5b38326529b02c 03ba5af3d9eaeb5f0c7c1a1a61ef2ac454eb8392 751ce671a4af32bc1c56433a5a1c8161377856c5 0b1fbc9d56e2a25e3f1527ee5bc54880bdc65fc6 3625d1381592f7af8ec14715c6c2dfa4d9f02676 2ad44686229ba02f98de5769c26a3dfeaf5ada2b 62fb6c1dc8527db6cf0f08d4d06e8813707f767a 5c04c01354944fc3a64bb109bf3e9bf89086cc6f 31db704882bbcd569c2abb764ac1d3691ee0a267 a6fb598d9dcbfe21ef285b5f30fabcb88a259c93 9a4ac8ab2e2c8ee48f6bf5a6ecf7988c435ba1c6 859c7817350553259eb09c889bc40afebb60064a 99efe5f4e9ce426b28cef94d858849707ce15739 ca6948642bc2ff821ec4ca8ab24902b1ba9e8397 52787b9c1e9370133ff4481c62c2e7b9393c2439 c7b8c71b2b71bb9d95c33d403c4204376f443852 a12683bd1206df4d4d87a3842d92e34a69e172b7 c56cb12f347b7582290ce1d4dfe3959d69050bd9 e1d2c59d360fb4e72dafe788b5d9dbb0572bf811 8dfdbe095a4c8a7bedd29341656a7c3164517713 427125d182252d8aee3dd906ee34a909cdbb8ef3 24b580cae23860a0fe6c9d3a285d60564057043d 40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86
Created attachment 17198 [details] Patches for v4-16-test
Created attachment 17199 [details] Patches for v4-15-test
Created attachment 17200 [details] Patches for v4-14-test
jsutton please don't forget to re-assign the bug to Jule (janger@samba.org) once you grant the review+. It's needed to get things pushed to the release branches.
Pushed to autobuild-v4-{16,15,14}-test.
This bug was referenced in samba v4-16-test: 528ed90d03ab74f45f5c6d790e468445767b259e 43c4dc75e21051e41dc2ed8dc8e2c42857aa6591 ff7ffbdf612dbf1a1e177b57deb2bcabf4152d23 c35de738dad02b847aab18220228dcab6e45fab0 4b245891416d421bd6c0899d6098af16d1648d05 54bb3569e5d66bc5a8d62174c811bd21221cb364 d92b46a4c04f2e2b30e60069404d0f4d31c2491e 64b2075c119e0cfa401082993f692bd48a343090 fcec3b21d9a9cf77567dcdfb993a430785236ede 80f35f7ab6a992d8b93c1e12b061039ee64d117b 9898afd747f790521cacca91e64bb9e9838b8817 6841fdef65bbe62260f9eb200d00742e3aef1a8f 27a8698ced542308c5e72648e1a65dfb41ce1943 7b31dcbd70464a5a110452b70079ff230748114d 20be02ecfded1de4e765fba78f0b7d9a5f2e6837 b353567acf0a6b813b79cb782d9888b69b14180f 03996701fb5421916eba5616be2cf3fa2041b450 e691165b4de1466a11fe8288c1601ced31b9f1ff a219a81ff89912cbd55050e9e1fa78731f66e3bc c46c341016d82566d97829d67b40a0e7bed25f36 cd29a661e0f552b0d29c87fae7a9be8703c3a9db 1e617128adbb8eadf8e66473260b28a07894db30 f4e3909545013dafccba1e7ac22e3a78209b77ea 7bb17ee5134fa8cbcc2278da142defa4834bd2b3 bf8f8c592b0395562a7bd296505c24ec09f65e4b
This bug was referenced in samba v4-14-test: 5ca483720320fa8662ab3aca375c48b9e1347859 657c7c9a34bd8a848ac2d41cb2541c51e5716563 6e43d4ca919698c2153262294961fef944312dd8 845d3674286b410070d215a73f75af4e758935af 275f57f3796d7e74a2a9b69de51be53b89814f06 50954766056e974f0ca4eb244e8c76e8c731a223 2472d44f9c93ab03bc0919bebc61b6874348001e 1a0d92a9bef54a725266caec944f7882101a5a89 c331fc104e75d303e42ef88097bf88851941f4d2 e7a0e1db90d1accd7b3602e5d0a088de74bd329d dd91493ed62fd2118f7a896e51251d3b3ea6493d 1ead3a4d0dd7d5b2c65b93c0501c3da9267e08dd 9d4b98aa568ae7b7bc0a481587922eb869161740 1d8369c9232f9350fef001ed8f1138a903fdde8f 7ef4c442c6356e9670ae4f8253b129e4acc54725 e0222e2fd8b9c84dd74356a5273741f57ea6ed42 9981c6731d017f24991df9448687ed1bea709234 8bdf62eb2d3180b900e77992845d13f50689488a 311a4cc141acaae8a10084f56e23efa352518ff3 57401a170aaa097e42c6e310e7ed76d9ae5a0b60 9b631f4efebd45b921a7d0461fe2b548698003aa 8fa656cdeed16e24803ecae840397f94412821c2 f4179deb2736ece953c5fa9d29358f3cb4d01d1c 65498505cbfab81471e77fd1eedad4c7374be32d 2a9a5185553ba7b4abc6e65680f881ee936842a1
This bug was referenced in samba v4-15-test: 2bbb9a4298c19ccbf0fbd6ca4e984f1cd329f04e 84f7b94852a7719df716ca5285e4da29d793d1a0 92da29a1136eb8c97db2bf97e927e539edd7b8cc 7b63119267a92f8ac752325b95f90b75ffa6db1f 72698f73949536f2e44d0165ffa44f2dd38c9ddc ec84a7acfcc92cf5e722bac7113e7a071f934ff4 0da8b2b368321d57368424374bd9c8d0536900ac af30bd71cd33512fd78e686a9864d8fb3189c60c e69264845334eb51773afdac4841ad7d9fca6b04 02824c7942db4b93bd0e1a525361ad00b13eca1c 2d425bb116a93ed219f01ee0203b58867748ae8b db17de0b611e4d5de824fe3790c81f17805ec23c 240785f4e4fe10788790be169f8e591cf2d777b7 dffebcba823c13b1cf29ac2d6209223e248f278c c6bb5e6277667e3993ac73b21afa76bb5b24e4d5 63a6fb82a77940d47ce2a2862c5b2245c8f16af3 070af6f1fa07e528e5ada8a0f13cdaf6a5858890 a304052c4fcc8f5f59e923e4032dd30fa139ca86 249b023f2b89f02443106585b16ecd56922b3411 8cd57a22283033efd70d67fc6593b4dbc205b9d5 2e41cbc8bec5707ac54fb6f43bdab54ae69e6317 2c15a949f5da95eae73a478f17edf124de81ecfe 5e81cde9faeb2dda7b2ee807611365c830fb1adf 54fd8eb1aac02cbd30c65b1617025dd1b7cf425e 1f1d6d4e745b99fea2986e4ee65006be5f77ec09
Closing out bug report. Thanks!
This bug was referenced in samba v4-16-stable (Release samba-4.16.0): 528ed90d03ab74f45f5c6d790e468445767b259e 43c4dc75e21051e41dc2ed8dc8e2c42857aa6591 ff7ffbdf612dbf1a1e177b57deb2bcabf4152d23 c35de738dad02b847aab18220228dcab6e45fab0 4b245891416d421bd6c0899d6098af16d1648d05 54bb3569e5d66bc5a8d62174c811bd21221cb364 d92b46a4c04f2e2b30e60069404d0f4d31c2491e 64b2075c119e0cfa401082993f692bd48a343090 fcec3b21d9a9cf77567dcdfb993a430785236ede 80f35f7ab6a992d8b93c1e12b061039ee64d117b 9898afd747f790521cacca91e64bb9e9838b8817 6841fdef65bbe62260f9eb200d00742e3aef1a8f 27a8698ced542308c5e72648e1a65dfb41ce1943 7b31dcbd70464a5a110452b70079ff230748114d 20be02ecfded1de4e765fba78f0b7d9a5f2e6837 b353567acf0a6b813b79cb782d9888b69b14180f 03996701fb5421916eba5616be2cf3fa2041b450 e691165b4de1466a11fe8288c1601ced31b9f1ff a219a81ff89912cbd55050e9e1fa78731f66e3bc c46c341016d82566d97829d67b40a0e7bed25f36 cd29a661e0f552b0d29c87fae7a9be8703c3a9db 1e617128adbb8eadf8e66473260b28a07894db30 f4e3909545013dafccba1e7ac22e3a78209b77ea 7bb17ee5134fa8cbcc2278da142defa4834bd2b3 bf8f8c592b0395562a7bd296505c24ec09f65e4b
This bug was referenced in samba v4-14-stable (Release samba-4.14.13): 5ca483720320fa8662ab3aca375c48b9e1347859 657c7c9a34bd8a848ac2d41cb2541c51e5716563 6e43d4ca919698c2153262294961fef944312dd8 845d3674286b410070d215a73f75af4e758935af 275f57f3796d7e74a2a9b69de51be53b89814f06 50954766056e974f0ca4eb244e8c76e8c731a223 2472d44f9c93ab03bc0919bebc61b6874348001e 1a0d92a9bef54a725266caec944f7882101a5a89 c331fc104e75d303e42ef88097bf88851941f4d2 e7a0e1db90d1accd7b3602e5d0a088de74bd329d dd91493ed62fd2118f7a896e51251d3b3ea6493d 1ead3a4d0dd7d5b2c65b93c0501c3da9267e08dd 9d4b98aa568ae7b7bc0a481587922eb869161740 1d8369c9232f9350fef001ed8f1138a903fdde8f 7ef4c442c6356e9670ae4f8253b129e4acc54725 e0222e2fd8b9c84dd74356a5273741f57ea6ed42 9981c6731d017f24991df9448687ed1bea709234 8bdf62eb2d3180b900e77992845d13f50689488a 311a4cc141acaae8a10084f56e23efa352518ff3 57401a170aaa097e42c6e310e7ed76d9ae5a0b60 9b631f4efebd45b921a7d0461fe2b548698003aa 8fa656cdeed16e24803ecae840397f94412821c2 f4179deb2736ece953c5fa9d29358f3cb4d01d1c 65498505cbfab81471e77fd1eedad4c7374be32d 2a9a5185553ba7b4abc6e65680f881ee936842a1
This bug was referenced in samba v4-15-stable (Release samba-4.15.7): 2bbb9a4298c19ccbf0fbd6ca4e984f1cd329f04e 84f7b94852a7719df716ca5285e4da29d793d1a0 92da29a1136eb8c97db2bf97e927e539edd7b8cc 7b63119267a92f8ac752325b95f90b75ffa6db1f 72698f73949536f2e44d0165ffa44f2dd38c9ddc ec84a7acfcc92cf5e722bac7113e7a071f934ff4 0da8b2b368321d57368424374bd9c8d0536900ac af30bd71cd33512fd78e686a9864d8fb3189c60c e69264845334eb51773afdac4841ad7d9fca6b04 02824c7942db4b93bd0e1a525361ad00b13eca1c 2d425bb116a93ed219f01ee0203b58867748ae8b db17de0b611e4d5de824fe3790c81f17805ec23c 240785f4e4fe10788790be169f8e591cf2d777b7 dffebcba823c13b1cf29ac2d6209223e248f278c c6bb5e6277667e3993ac73b21afa76bb5b24e4d5 63a6fb82a77940d47ce2a2862c5b2245c8f16af3 070af6f1fa07e528e5ada8a0f13cdaf6a5858890 a304052c4fcc8f5f59e923e4032dd30fa139ca86 249b023f2b89f02443106585b16ecd56922b3411 8cd57a22283033efd70d67fc6593b4dbc205b9d5 2e41cbc8bec5707ac54fb6f43bdab54ae69e6317 2c15a949f5da95eae73a478f17edf124de81ecfe 5e81cde9faeb2dda7b2ee807611365c830fb1adf 54fd8eb1aac02cbd30c65b1617025dd1b7cf425e 1f1d6d4e745b99fea2986e4ee65006be5f77ec09
This bug was referenced in samba master: e93d73b618797565dec66b31de961dc062264bd2