Overview On a PC joined to a Windows domain, and logged into Windows as a domain user: when using Windows Explorer to make an initial connection to a Samba share on a Samba server joined to the same domain as the client, the connection fails and the user is prompted for credentials in Windows. Upon entering domain\username credentials, the connection succeeds. Steps to Reproduce Join Samba server as member server in a Windows domain. Join client to same domain. Log in to client as valid domain user. Enter \\servername\sharename into Windows Explorer. Actual Results Username/password prompt appears in Windows. Expected Results Connection is made and the desired \\server\share appears in Windows Explorer without a username/password prompt. This behavior is exhibited on Samba 2.2. Additional Information When Windows makes the initial connection before user is prompted in Windows: #/var/log/samba.clienthostname [2005/03/16 11:37:22, 0] auth/auth_util.c:make_server_info_info3(1120) make_server_info_info3: pdb_init_sam failed! useradd: invalid user name 'USERNAME' useradd: invalid user name 'USERNAME' useradd: invalid user name 'USERNAME' After user enters domain\username at Windows prompt: #/var/log/samba.clienthostname [2005/03/16 15:27:41, 1] smbd/service.c:make_connection_snum(619) clienthostname (1.2.3.4) connect to service sharename initially as user username (uid=1000, gid=100) (pid 1016) #/etc/samba/smb.conf [global] workgroup = DOMAIN server string = Samba Server security = DOMAIN passdb backend = tdbsam:/etc/samba/private/passdb.tdb log file = /var/log/samba.%m max log size = 50 add user script = /usr/sbin/useradd -g users %u dns proxy = No wins server = 1.2.3.4, 2.3.4.5 ldap ssl = no idmap uid = 10000-200000 idmap gid = 10000-200000 winbind use default domain = Yes netbios name = SERVER password server = * #/etc/nsswitch.conf passwd: compat winbind group: compat winbind hosts: files dns networks: files services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files bootparams: files automount: files aliases: files Patch from Schlomo Schapiro -------------8<--------------- /* Parse a string of the form DOMAIN/user into a domain and a user */ /* Changed by Schlomo to set the samba workgroup as default domain to integrate domain users transparently */ void parse_domain_user(char *domuser, fstring domain, fstring user) { char *p; char *sep = lp_winbind_separator(); char *workgroup = lp_workgroup(); if (!sep) sep = "\\"; p = strchr(domuser,*sep); if (!p) p = strchr(domuser,'\\'); if (!p) { fstrcpy(domain,workgroup); fstrcpy(user, domuser); return; } fstrcpy(user, p+1); fstrcpy(domain, domuser); domain[PTR_DIFF(p, domuser)] = 0; strupper(domain); } ----------------->8------------------- Comments It almost seems as if the initial connection by Windows is sending the naked username, without the domain\ in front. Is there a way to tell Winbind to add domain\ in front of naked usernames or something? As you can see above I turned on 'winbind use default domain' but obviously that does not fix the problem.
is this really 3.0.4 ? I can't reproduce this behavior (and haven't seen it for a long time). Can you retest against 3.0.13 ? Thanks.
Yes, 'smbd --version' reports 3.0.4. It came with Slackware 10 and is on a server that is about to go production. So I will have to try 3.0.13 on a different Slackware 10 machine.
It works properly with 3.0.13; i.e., the first time Windows connects, a local Linux system account is created and Windows does not prompt domain users on domain PCs for logon credentials. This bug appears to be limited to 3.0.4, or is a problem introduced by Slackware's method of packaging of Samba in their distribution, or is a problem in my configuration. However, I copied the exact same smb.conf over to my 3.0.13 box -- so I don't think it's the configuration.
Ah-HA! Samba 3.0.4 passes a CAPITALIZED username to the add user script. The Linux system utility 'useradd' does not accept ALL CAPS usernames. I wrote a little script called myuseradd (below), which converts the uppercase username passed by Samba to lowercase before passing it to the add user script. The lowercase username is accepted by useradd, and this allows 3.0.4 to work properly, just like 2.2 and 3.0.13. So it is a bug in 3.0.4 -- 3.0.4 should lowercase the username string before passing it to the add user script. Not sure what status you want to put on this bug now, Jerry. #/bin/myuseradd tolower () # Converts string(s) passed as argument(s) { #+ to lowercase. if [ -z "$1" ] # If no argument(s) passed, then #+ send error message echo "(null)" #+ (C-style void-pointer error message) return #+ and return from function. fi echo "$@" | tr A-Z a-z # Translate all passed arguments ($@). return # Use command substitution to set a variable to function output. # For example: # oldvar="A seT of miXed-caSe LEtTerS" # newvar=`tolower "$oldvar"` # echo "$newvar" # a set of mixed-case letters } useradd -g users `tolower "$@"`
fixed in a later release. verified by reporter.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.