This is the code which is returning the uSAMAccountName which is pre-win2k
name of the user.
char *ads_pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
LDAPMessage *msg)
{
#if 0 /* JERRY */
char *ret, *p;
/* lookup_name() only works on the sAMAccountName to
returning the username portion of userPrincipalName
breaks winbindd_getpwnam() */
ret = ads_pull_string(ads, mem_ctx, msg, "userPrincipalName");
if (ret && (p = strchr_m(ret, '@'))) {
*p = 0;
return ret;
}
#endif
return ads_pull_string(ads, mem_ctx, msg, "sAMAccountName");
}
On 7/24/07, Arvind Deshpande <[EMAIL PROTECTED]> wrote:
Actually in this case userPrincipalName and sAMAccountname are different.
Is it possible that Samba only displays the sAMAccountname?
Also if those differ, is it possible that Samba will have problem
authenticating against AD using win2k name of the user?
On current version of samba that's whats happening.
Issue is when win2k and pre-win2k names are different Samba is unable to
authenticate the user ( when you try DOMAIN\win2kname )
DOMAIN\pre-win2k user is authenticated but not found in valid users list
and hence will be denied access to the share.
In effect when win2k and pre-win2k names differ user can not mount the
share using DOMAIn\win2k or DOMAIN\pre-win2k names.
:-(
On 7/24/07, Gerald (Jerry) Carter <[EMAIL
PROTECTED]<https://mail.google.com/mail?view=cm&tf=0&[EMAIL PROTECTED]>>
wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Felipe Augusto van de Wiel wrote:
> > Imagining that Samba3 is not as good as Samba4 with AD
> > and that Samba3 gives preference to NT4-style domains, probably
> > it is using the pre-win2k names. If you create a user without
> > "all the options that AD gives" what happens?
>
> It actually has more to do with name canonicalization
> that any missing features.
>
>
>
>
>
> cheers, jerry
> =====================================================================
> Samba ------- http://www.samba.org
> Centeris ----------- http://www.centeris.com
> "What man is a man who does not make the world better?" --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGphPRIR7qMdg1EfYRAl4gAJ4qtrmaHy5kcE/MnrILosqHhFpE0QCbBulr
> BVMz2GFD5ESxLNN28ZpCJkM=
> =6QBF
> -----END PGP SIGNATURE-----
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
