The Samba-Bugzilla – Bug 583
bug comparing RE.ALM\user and DOMAIN\user
Last modified: 2005-08-24 10:22:11 UTC
Here's the situation: The netbios name of the domain is XORNDOMAIN, the DNS name
of the domain is XORNDOMAIN.COM. The samba box and the win2k client are both in
this domain. A user logs on to the win2k client as user1 from the domain.
There is a share on the samba box configured so that XORNDOMAIN\User1 is the
only user in valid users =
So the problem is that the user from session setup when the client makes a
kerberos connection is actually XORNDOMAIN.COM\User1, and not XORNDOMAIN\USER1,
as we specify in the valid users = line. The result of this is that XORNDOMAIN.
COM\User1 from session setup != XORNDOMAIN\User1 as specified in smb.conf,
which results in NT_STATUS_ACCESS_DENIED to the client.
Now, when we make a non-kerberos connection the user from session setup is
actually XORNDOMAIN\User1. The result of this is XORNDOMAIN\User1 from session
setup == XORNDOMAIN\User1 as specified in valid users =, which results in a
successful connection for the client.
I should be alowed to put in either XORDOMAIN\User1 *or* XORNDOMAIN.COM\User1
for valid users = and it should allow connection regardless of how the client
connects (kerberos, ntlm, lm, etc).
I like short summaries :-) They show up in the columns correctly.
When a client comes in as DOMAIN.COM\User1,
but the valid users = paremeter is set to DOMAIN\User1
Samba fails to realize they are the same user
reseting target milestone. 3.0.1 has been frozen. WIll have to
We now always use the short name.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.