Gerald Carter wrote: > > On Thu, 19 Sep 2002 [EMAIL PROTECTED] wrote: > > > > > I am part of a large worldwide Active Directory and all of our individual > > site NT domain names have an ampersand symbol in them > > (for example: VWS@ROCHESTER) Samba 2.2.6pre2 and older won't join this > > domain name, or allow connections to it from users in this domain. The > > logs state that the domain name is "VWS_ROCHESTER", the code is squashing > > the @ to an _ causing all authentification attempts to fail. Since we are > > migrating to this domain, all of our samba servers will NOT function for > > users connecting from the AD domains due to the domain-name mangling. > > > > I was told this was done as part of a security audit to the samba code, but > > it breaks compatibility in a major way. Ampersands are VALID in a netbios > > domain name, just not in a machine name (AFAIK), but samba doesn't comply > > in this regard. Since changing the netbios domain names of our win2k > > domains is not possible, I need a fix ASAP. Any suggestions? > > grrr... I hate that alpha_strcpy() code. I'll get you a fix today. > Can you send me a level 10 debug log of the failure?
It also catches people with names like O'Reilly (often used with username map). The issue is fixing this while keeping a lit on the %U macro games - particulary with things like 'security=server' and 'add user script' etc. In Samba HEAD we come much closer to being able to have a 'safe' username for %U etc, and an 'unsafe' name for internal use. Most of the work remaining is a good code audit... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
