Bug 4741 - mixed case usernames get lowercased, authentication fails
mixed case usernames get lowercased, authentication fails
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: File Services
All All
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2007-06-25 12:56 UTC by James R Grinter
Modified: 2017-08-24 12:13 UTC (History)
2 users (show)

See Also:

log file excerpt from debug level 5 (3.59 KB, text/plain)
2007-06-25 12:58 UTC, James R Grinter
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description James R Grinter 2007-06-25 12:56:34 UTC
If a Windows client attempts to authenticate with a mixed case username, with security = domain, and accounts present in both Windows domain and Unix password map, it will receive STATUS_LOGON_FAILURE.

Samba is successfully authenticating the user against the DC (Windows doesn't care about case, of course), but then fails to find it in the Unix password map (Unix, specifically Solaris 8 here, does: the user is indeed mixed case.)

I'll attach an smb.log excerpt.

Code examination shows that Get_Pwnam_internals() (lib/username.c) is intended to try first the lowercase, then the as-given case, and then optionally try a few variations up to the 'username level' parameter. But it's also clear from the debug logs that both values of username (user and user2) are lowercase by this point so it doesn't have the "as-given" value to try.

This appears to be because fill_sam_account() (auto/auth_util.c), creates a lowercase copy of the username called lower_username, assembles it into dom_user, and then uses that in its call to smb_getpwnam(), which in turn calls the Get_Pwnam*() routines.

I can't seem to work around this by using a username map, because the second time around it still gets lower cased. 

Lastly, the code for fill_sam_account() seems to be the same in 3.0.25.
Comment 1 James R Grinter 2007-06-25 12:58:25 UTC
Created attachment 2781 [details]
log file excerpt from debug level 5

(username changed, but case maintained.)