Comments (15)
no problem, it happens - I can't recall how many hours I spend on IT problems caused by a small missing or wrong character :D.
sure test it and close this issue if you get it to work. if not I might close it in a week or so
from samba.
okay I've updated the readme, and it's kinda obvious why it makes problems, I bet it crashes the hashing - it's some windows reverse engineered hashing - that's why it's implemented in samba.
it somehow needs to generate a hash which is compatible with case insensivity - by providing a case sensetive example it might not be able to calculate a valid hash...
at least that what I think the root cause can be :)
from samba.
yeah I just released the update, the perfect place to lowercase the username is the create hash script itself, so I did that :)
from samba.
Hi there,
thanks for this issue, also thanks for testing it from different angles.
I'll take a look
from samba.
I've just run the script with foo
and password password123
. I've added the hash to a user and was able to connect to the share.
I retried with a fresh hash for foo
and password bar
this also worked without problems
echo -e "$PASSWORD_1\n$PASSWORD_1" | smbpasswd "$USERNAME" 2> /dev/null >/dev/null
if your password contains something like \n
or other backslashes it might act wierd, or you might need to replace a single \
with a escaped \\
ACCOUNT_foo: "foo:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:86C156FC198B358CCCF6278D8BD49B6A:[U ]:LCT-63DCB9F1:"
it is important to put the value inside "
it seems to me that there is no issue
tried on currently latest, and even rebuild it from scratch without cache
from samba.
funny...I just ran into the same issue like @whitestrake. finally it was the trailing ":" that I missed to copy
from samba.
I'll be quite cross with myself and mildly embarrassed if that's the case in my error.
I'll be able to check on this on Monday and either try to find a way to reliably reproduce, or fall on my sword.
from samba.
Hey @MarvAmBass, can you perhaps try generating a password hash for a username with a capital letter?
It works for me when I generate an account with all lowercase:
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ echo -e "matt\nfoo\nfoo" | docker run -i --rm --entrypoint create-hash.sh servercontainers/samba:latest
>> Enter username: >> New password:
>> Retype password:
matt:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:AC8E657F83DF82BEEA5D43BDAF7800CC:[U ]:LCT-63E04014:
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ grep -A10 samba: docker-compose.yml
samba:
image: servercontainers/samba:latest
restart: unless-stopped
network_mode: host
cap_add:
- NET_ADMIN
volumes:
- /mnt/storage:/mnt/storage
environment:
ACCOUNT_matt: "matt:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:AC8E657F83DF82BEEA5D43BDAF7800CC:[U ]:LCT-63E04014:"
SAMBA_VOLUME_CONFIG_Storage: "[Storage]; path=/mnt/storage"
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ dc up -d samba
[+] Running 1/1
⠿ Container npssrvx-samba-1 Started 0.2s
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ dc exec samba env
PATH=/container/scripts:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=npssvrx
TERM=xterm
ACCOUNT_matt=matt:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:AC8E657F83DF82BEEA5D43BDAF7800CC:[U ]:LCT-63E04014:
SAMBA_VOLUME_CONFIG_Storage=[Storage]; path=/mnt/storage
HOME=/root
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ echo "foo" | smbclient //npssvrx/Storage -U matt
Enter WORKGROUP\matt's password:
Try "help" to get a list of possible commands.
But not when I generate an account that starts with an uppercase letter:
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ echo -e "Matt\nfoo\nfoo" | docker run -i --rm --entrypoint create-hash.sh servercontainers/samba:latest
>> Enter username: >> New password: >> Retype password:
Matt:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:AC8E657F83DF82BEEA5D43BDAF7800CC:[U ]:LCT-63E03EAA:
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ grep -A10 samba: docker-compose.yml
samba:
image: servercontainers/samba:latest
restart: unless-stopped
network_mode: host
cap_add:
- NET_ADMIN
volumes:
- /mnt/storage:/mnt/storage
environment:
ACCOUNT_Matt: "Matt:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:AC8E657F83DF82BEEA5D43BDAF7800CC:[U ]:LCT-63E03EAA:"
SAMBA_VOLUME_CONFIG_Storage: "[Storage]; path=/mnt/storage"
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ dc up -d samba
[+] Running 1/1
⠿ Container npssrvx-samba-1 Started 0.2s
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ dc exec samba env
PATH=/container/scripts:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=npssvrx
TERM=xterm
SAMBA_VOLUME_CONFIG_Storage=[Storage]; path=/mnt/storage
ACCOUNT_Matt=Matt:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:AC8E657F83DF82BEEA5D43BDAF7800CC:[U ]:LCT-63E03EAA:
HOME=/root
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ echo "foo" | smbclient //npssvrx/Storage -U Matt
Enter WORKGROUP\Matt's password:
session setup failed: NT_STATUS_LOGON_FAILURE
from samba.
Keep in mind, that I only maintain a container here, this seems like a typical samba/windows uppercase/lowercase issue
take a look at this docu: https://www.linuxtopia.org/online_books/network_administration_guides/using_samba_book/ch06_02_11.html
I suspect that it's currently turned of by default
also, maybe your client does the magic and converts it to all lowercase during transfer
from samba.
Works perfectly if I don't use this hash:
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ grep -A10 samba: docker-compose.yml
samba:
image: servercontainers/samba:latest
restart: unless-stopped
network_mode: host
cap_add:
- NET_ADMIN
volumes:
- /mnt/storage:/mnt/storage
environment:
ACCOUNT_Matt: "foobar"
SAMBA_VOLUME_CONFIG_Storage: "[Storage]; path=/mnt/storage"
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ dc exec samba env
PATH=/container/scripts:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=npssvrx
TERM=xterm
ACCOUNT_Matt=foobar
SAMBA_VOLUME_CONFIG_Storage=[Storage]; path=/mnt/storage
HOME=/root
matt in /mnt/ssd at npssvrx is 🐳 v20.10.21
➜ echo "foobar" | smbclient //npssvrx/Storage -U Matt
Enter WORKGROUP\Matt's password:
Try "help" to get a list of possible commands.
from samba.
If I generate a hash for username matt
then logins work for any permutation of capitalisation (e.g. Matt
, mAtt
, MaTT
, etc). If I generate a hash for Matt
, none of these work.
This doesn't strike me as an issue with case insensitivity defaults after the fact.
Is there a possibility it's an issue with the script? If not, would it be worth an addendum to your README that hash generation with mixed username capitalisation is broken due to the way Samba works in this container?
from samba.
here I was also thinking about updating the readme on this one.
super interesseting behaviour - it somehow doesn't make much sense - besides that all lowercase ignores capitalisation (think about samba as a windows facing software which usually needs to ignore capitalisation)
since my script only calls smbpasswd
it's rooted within samba itself
from samba.
Yeah, looking at the script, that's pretty much literally all it does. No manipulation at all, no chance really for it to interfere with Samba's own behaviour.
Honestly - if you wanted to be super accommodating, you might consider having your script lowercase the username input to preempt user error here, maybe with a switch and a note in the README/comments regarding that behavior.
Otherwise, just a note that the user should use all lowercase usernames by default seems like plenty.
Feel free to close this issue, on that note.
Thanks again!
from samba.
yeah I was thinking about automatically putting it to lowercase... but I'm not sure
from samba.
Doing that seems sensible to me, with an optional switch to disable username normalisation, documented in the comments of the script. But, that is an accommodation on your part that would be nice to users, but not necessary.
If a much more proficient user with some corner case requirement for this seemingly broken hashing requires a capitalised username, we could assume such a user would be proficient enough to simply run the Samba utilities to generate their own hash even if you didn't provide an off switch for username normalisation.
from samba.
Related Issues (20)
- No access to shared folder HOT 5
- Read-only shared folders HOT 2
- Question: Which version of Samba (v1/v2/v3/v4) is being used, and can it be changed for best performance? HOT 5
- force user = %U with timemachine HOT 5
- Why does turning on time machine modify my read and write permissions HOT 4
- Samba Server not visible HOT 5
- `disable netbios = yes` disregards `$NETBIOS_DISABLE` HOT 1
- Multiline not working HOT 3
- Cannot use UID and GID of a host user HOT 1
- differnce to dperson/samba HOT 1
- How to set the Time Machine share max size differently for different users HOT 6
- Why I can't create file? HOT 2
- Add configuration to change AVAHI service host name HOT 10
- Not Able to Delete Files HOT 14
- auth error when use compose list format HOT 14
- enable encryption HOT 2
- Can't connect on my share remotely and not discovarable HOT 4
- Scheduled Docker builds failing HOT 3
- samba:smbd-only-latest always reports unhealthy status HOT 2
- Accessible but empty folder HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from samba.