Here's the situation: The netbios name of the domain is XORNDOMAIN, the DNS name of the domain is XORNDOMAIN.COM. The samba box and the win2k client are both in this domain. A user logs on to the win2k client as user1 from the domain. There is a share on the samba box configured so that XORNDOMAIN\User1 is the only user in valid users =

So the problem is that the user from session setup when the client makes a kerberos connection is actually XORNDOMAIN.COM\User1, and not XORNDOMAIN\USER1, as we specify in the valid users = line. The result of this is that XORNDOMAIN.COM\User1 from session setup != XORNDOMAIN\User1 as specified in smb.conf, which results in NT_STATUS_ACCESS_DENIED to the client.

Now, when we make a non-kerberos connection the user from session setup is actually XORNDOMAIN\User1. The result of this is XORNDOMAIN\User1 from session setup == XORNDOMAIN\User1 as specified in valid users =, which results in a successful connection for the client.

I should be allowed to put in either XORNDOMAIN\User1 *or* XORNDOMAIN.COM\User1 for valid users = and it should allow connection regardless of how the client connects (kerberos, ntlm, lm, etc).
I like short summaries :-) They show up in the columns correctly.

When a client comes in as DOMAIN.COM\User1, but the valid users = parameter is set to DOMAIN\User1, Samba fails to realize they are the same user.
Resetting target milestone. 3.0.1 has been frozen. Will have to re-evaluate these.
Fixed with http://lists.samba.org/archive/samba-cvs/2004-January/046326.html and http://lists.samba.org/archive/samba-cvs/2004-January/046327.html We now always use the short name. Volker
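The idea behind the fix, comparing on the short domain name regardless of how the client authenticated, shown as an added example that is not Samba's code and is not taken from the linked commits. The realm-to-short-name table, the function names and the XORNDOMAIN.EXAMPLE realm are assumptions made for illustration.

```python
# Added illustration; not Samba source code.
# Constructed mapping of Kerberos realm / DNS domain name -> NetBIOS short name.
REALM_TO_SHORT = {"XORNDOMAIN.COM": "XORNDOMAIN"}


def canonical(name, realm_map=REALM_TO_SHORT):
    """Return (short_domain, user) for a 'DOMAIN\\user' string.

    Both parts are case-folded so the comparison is case-insensitive.
    A DNS-style domain is replaced by its short name only when it is an
    exact key in realm_map; any other domain is left unchanged, so an
    unmapped realm never collapses onto a trusted short name.
    """
    domain, sep, user = name.partition("\\")
    if not sep:
        # Bare user name: treated as having no domain in this sketch.
        return ("", name.lower())
    domain = domain.upper()
    return (realm_map.get(domain, domain), user.lower())


def is_valid_user(session_user, valid_users, realm_map=REALM_TO_SHORT):
    """True if the session-setup user matches an entry of 'valid users ='."""
    who = canonical(session_user, realm_map)
    return any(canonical(entry, realm_map) == who for entry in valid_users)


if __name__ == "__main__":
    valid = ["XORNDOMAIN\\User1"]               # as in the report's smb.conf
    for user in ("XORNDOMAIN\\User1",           # non-kerberos session setup
                 "XORNDOMAIN.COM\\User1",       # kerberos session setup
                 "XORNDOMAIN.COM\\User2",       # same domain, other user
                 "XORNDOMAIN.EXAMPLE\\User1"):  # constructed, unmapped realm
        print(user, "->", is_valid_user(user, valid))
```

Both sides of the comparison are canonicalised, so the share entry may be written with either form of the domain name.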
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.