Bug 583 - bug comparing RE.ALM\user and DOMAIN\user
Summary: bug comparing RE.ALM\user and DOMAIN\user
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.0
Hardware: Other other
: P2 critical
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
Depends on:
Reported: 2003-10-07 11:05 UTC by Marc Kaplan
Modified: 2005-08-24 10:22 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Marc Kaplan 2003-10-07 11:05:22 UTC
Here's the situation: The netbios name of the domain is XORNDOMAIN, the DNS name 
of the domain is XORNDOMAIN.COM. The samba box and the win2k client are both in 
this domain. A user logs on to the win2k client as user1 from the domain.
There is a share on the samba box configured so that XORNDOMAIN\User1 is the 
only user in valid users =

So the problem is that the user from session setup when the client makes a 
kerberos connection is actually XORNDOMAIN.COM\User1, and not XORNDOMAIN\USER1, 
as we specify in the valid users = line. The result of this is that XORNDOMAIN.
COM\User1 from session setup !=  XORNDOMAIN\User1 as specified in smb.conf, 
which results in NT_STATUS_ACCESS_DENIED to the client.

Now, when we make a non-kerberos connection the user from session setup is 
actually XORNDOMAIN\User1. The result of this is XORNDOMAIN\User1 from session 
setup == XORNDOMAIN\User1 as specified in valid users =, which results in a 
successful connection for the client.

I should be alowed to put in either XORDOMAIN\User1 *or* XORNDOMAIN.COM\User1 
for valid users = and it should allow connection regardless of how the client 
connects (kerberos, ntlm, lm, etc).
Comment 1 Gerald (Jerry) Carter (dead mail address) 2003-10-07 12:29:52 UTC
I like short summaries :-)  They show up in the columns correctly.

  When a client comes in as DOMAIN.COM\User1, 
  but the valid users = paremeter is set to DOMAIN\User1 
  Samba fails to realize they are the same user
Comment 2 Gerald (Jerry) Carter (dead mail address) 2003-12-12 08:28:08 UTC
reseting target milestone.  3.0.1 has been frozen.  WIll have to 
re-evaluate these.
Comment 3 Volker Lendecke 2004-01-04 06:37:33 UTC
Fixed with

We now always use the short name.

Comment 4 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:22:11 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.