Bug 1909 - Winbind does not use the win2000 logon name with security=ADS
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind
Version: 3.0.10
Hardware: x86 Linux
Importance: P3 normal
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
Reported: 2004-10-11 07:33 UTC by Carlos Ospina
Modified: 2007-08-28 11:53 UTC
Description Carlos Ospina 2004-10-11 07:34:00 UTC
I have currently configured a Linux box to logon against a win2000 ADS with 
several hosted domains. It works right except for the fact that it only does 
it if I use the pre-windows2000 logon name (domain\\user_hosting) instead of 
the win2000 logon name (user@hosting), which is what I need since there is a 
large base installed and configured that way!

I've tried using the domain and the ADS security models, with and without 
kerberos as needed and it only works that way, with the pre-windows2000 name 
only.

Thanks in advance!

Carlos Ospina
Comment 1 Carlos Ospina 2004-10-13 08:47:09 UTC
Hello, I'd like to ask if this has been reviewed or maybe, luckily for me, 
there is a patch or something, so I can help and try it.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-10-15 07:01:14 UTC
The problem is that lsa_lookup_name() against 2k (haven't 
tried 2k3) will not resolve the SID for the user_principal
name.

Comment 3 Carlos Ospina 2004-11-30 09:49:13 UTC
Hi, sorry to disturb :) Is there any fix to this in the new versions?

Thanks in advance!
Comment 4 Gerald (Jerry) Carter (dead mail address) 2004-12-20 14:16:16 UTC
Update: actually, 2k[3] will resolve the SID for a UPN.  You just 
have to use the full UPN and not just the principal portion of it.

$ rpcclient spud -U Administrator -W AD -c \
'lookupnames gerald.carter@ad.plainjoe.org jerry'

gerald.carter@ad.plainjoe.org S-1-5-21-3234968684-14787312-124015166-1828
jerry                         S-1-5-21-3234968684-14787312-124015166-1828
Comment 5 Gerald (Jerry) Carter (dead mail address) 2007-08-28 11:53:41 UTC
Fixed for 3.2.0