The Samba-Bugzilla – Bug 4741
mixed case usernames get lowercased, authentication fails
Last modified: 2017-08-24 12:13:56 UTC
If a Windows client attempts to authenticate with a mixed case username, with security = domain, and accounts present in both Windows domain and Unix password map, it will receive STATUS_LOGON_FAILURE.
Samba is successfully authenticating the user against the DC (Windows doesn't care about case, of course), but then fails to find it in the Unix password map (Unix, specifically Solaris 8 here, does: the user is indeed mixed case.)
I'll attach an smb.log excerpt.
Code examination shows that Get_Pwnam_internals() (lib/username.c) is intended to try first the lowercase, then the as-given case, and then optionally try a few variations up to the 'username level' parameter. But it's also clear from the debug logs that both values of username (user and user2) are lowercase by this point so it doesn't have the "as-given" value to try.
This appears to be because fill_sam_account() (auto/auth_util.c), creates a lowercase copy of the username called lower_username, assembles it into dom_user, and then uses that in its call to smb_getpwnam(), which in turn calls the Get_Pwnam*() routines.
I can't seem to work around this by using a username map, because the second time around it still gets lower cased.
Lastly, the code for fill_sam_account() seems to be the same in 3.0.25.
Created attachment 2781 [details]
log file excerpt from debug level 5
(username changed, but case maintained.)