Bug 3932 - SaMBa gives error "xxx is a domain, not a user" when username = servername (security = SHARE only)
Summary: SaMBa gives error "xxx is a domain, not a user" when username = servername (s...
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.23
Hardware: x86 Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-14 05:08 UTC by Nicolas Cuissard
Modified: 2006-07-14 10:00 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nicolas Cuissard 2006-07-14 05:08:20 UTC
Hello,

I'm using SaMBa to share homedirs of a linux server. Since version 3.0.23, when i try to reach the homedir of a user that have the server's name i have this error:

auth/auth_util.c:create_token_from_username(1059)
[user_name_here] is a Domain, not a user

This happens only with security = SHARE (works fine w/ security = USER) and only for shares like \\my_servername\my_servername, all other homedirs (\\my_servername\root, \\my_servername\user1, \\my_servername\public, etc.) are OK.

My smb.conf is very simple:

[global]
        workgroup = MY_WKGRP
        security = SHARE
        encrypt passwords = No
        blocking locks = No

[public]
        path = /pub
        guest ok = Yes

[homes]
        read only = No
        browseable = No
        veto oplock files = /*.MDB/*.LDB/*.ldb/*.mdb/

Bringing back SaMBa 3.0.22 or using "security = USER" does the trick but as i have public shares, i'd like to keep "security = SHARE".

I reproduced the error on two servers, both where compiled from the sources with this options:

./configure --prefix=/opt/samba-3.0.23 --disable-cups --without-ads --without-winbind --without-ldap

Reproducible: always

Step to reproduce: Go to security = SHARE and create a unix account that have the same name of the server and try to connect to the shared homedir.

Result: unable to mount the shared homedir.

Result expected: should be able to mount every account on the system, even the one that have the server's name.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-07-14 07:19:50 UTC
I don't see anyway around this.
Comment 2 Jeremy Allison 2006-07-14 09:29:04 UTC
Indeed - this is the "correct" behavior in a Windows network. You can't have a user the same name as a machine - it's like trying to have a user and service principal in a kerberos KDC with the same name. Can't happen.

Jeremy.
Comment 3 Nicolas Cuissard 2006-07-14 10:00:09 UTC
I wasn't aware of that, too bad this restrinction was working till version 3.0.22!

Is making DNS aliases a good way to workaround? If "my_servername_alias" is a DNS alias of "my_servername", then \\my_servername_alias\my_servername should be readable or do i need to change the username?