On Mon, Dec 08, 2003 at 12:47:28PM -0500, Hall, Ken (IDS ECCS) wrote: > I have a few users who have ID's in NT domain and AD that contain apostrophes, such > as O'Neill (fo'neill) , and O'Toole (go'toole). I've been trying to give them > access to shares, but Samba doesn't > seem to like this very much. > > I've been able to set up the ID's in our LDAP server so file ownership works, but > according to the log messages, Samba DOMAIN authentication seems to substitute an > underscore (go_toole) for the > apostrophe when sending the request to AD. Of course, AD comes back with > NT_STATUS_NO_SUCH_USER. > > NT/2K servers seem to have supported this, which is why the ID's exist here in the > first place. Is this a Samba restriction? Is there a way around it?
Hmmmm. Yeah, this is our (my) fault. We are very paranoid about allowing quote and other characters in a username as we can pass such names to UNIX script calls. Such "strange" characters can be used to invoke behaviour we're worried might break security. You could try adding the ' character to the define in include/smb.h ie. Add it to : #define SAFE_NETBIOS_CHARS ". -_" And also you'll need to change the line in smbd/password.c that reads : alpha_strcpy(vuser->user.smb_name, smb_name, ". _-$", sizeof(vuser->user.smb_name)); to alpha_strcpy(vuser->user.smb_name, smb_name, ". _-$'", sizeof(vuser->user.smb_name)); What do people thing about adding a "safe chars" option, or a "safe usernames" that modifies/removes these filters ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
