[Pkg-samba-maint] Bug#849146: samba: empty client domain is not mapped to standalone server domain when user name contains @

Andrea Janna andre60 at brazcubas.br
Thu Dec 22 23:22:49 UTC 2016

Package: samba
Version: 2:4.5.2+dfsg-1
Severity: normal
Tags: upstream patch

After upgrading from Samba 4.4.7 to 4.5.2 user authentication stopped working in our installation.

We are mapping (via username map script) usernames from full email addresses to real Samba usernames so that users can login to Samba server using email address as username.
Samba is configured as standalone server.

Upstrean commit 3f82db56cbf2727abd465e28ac02ad2242b47c29 modified client domain mapping so that an empty domain is not mapped any more to Samba server domain if username contains "@".
Since we have no domain at our site Windows clients send empty domain string to Samba when users attempt to log in.
When user tries to login using full email address as username Samba doesn't map the empty domain to Samba server domain and authentication fails.

As reported in upstream bug https://bugzilla.samba.org/show_bug.cgi?id=12375 preserving empty domain is useful only if there is a domain controller.
I'd expect that when Samba configuration is "server role = standalone" empty client domain will always be mapped to server domain.

I wrote a simple patch that fixes the problem allowing empty domain mapping if Samba role is standalone server.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages samba depends on:
ii  adduser              3.115
ii  dpkg                 1.18.15
ii  init-system-helpers  1.46
ii  libbsd0              0.8.3-1
ii  libc6                2.24-8
ii  libldb1              2:1.1.27-1
ii  libpam-modules       1.1.8-3.3
ii  libpam-runtime       1.1.8-3.3
ii  libpopt0             1.16-10
ii  libpython2.7         2.7.13~rc1-1
ii  libtalloc2           2.1.8-1
ii  libtdb1              1.3.11-2
ii  libtevent0           0.9.31-1
ii  libwbclient0         2:4.5.2+dfsg-1
ii  lsb-base             9.20161125
ii  procps               2:3.3.12-3
ii  python               2.7.11-2
ii  python-dnspython     1.15.0-1
ii  python-samba         2:4.5.2+dfsg-1
pn  python2.7:any        <none>
ii  samba-common         2:4.5.2+dfsg-1
ii  samba-common-bin     2:4.5.2+dfsg-1
ii  samba-libs           2:4.5.2+dfsg-1
ii  tdb-tools            1.3.11-2
ii  update-inetd         4.43

Versions of packages samba recommends:
ii  attr                1:2.4.47-2
ii  logrotate           3.8.7-2
ii  samba-dsdb-modules  2:4.5.2+dfsg-1
ii  samba-vfs-modules   2:4.5.2+dfsg-1

Versions of packages samba suggests:
pn  bind9          <none>
pn  bind9utils     <none>
pn  ctdb           <none>
pn  ldb-tools      <none>
pn  ntp            <none>
pn  smbldap-tools  <none>
pn  ufw            <none>
pn  winbind        <none>

-- Configuration Files:
/etc/logrotate.d/samba changed [not included]

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: UBC_email_username
Type: text/x-diff
Size: 525 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20161222/bc92fe66/attachment.diff>

More information about the Pkg-samba-maint mailing list