Please note that for user or share mode security, the username map is applied prior to validating the user
credentials. Domain member servers (domain or ads) apply the username map after the user has been
successfully authenticated by the domain controller and require fully qualified enties in the map table (e.g.
- biddle = DOMAIN\foo).
+ biddle = <literal>DOMAIN\foo</literal>).
</para>
<para>
</para>
<para>
- Samba versions prior to 3.0.8 would only support reading the fully qualified username (e.g.: DOMAIN\user) from
+ Samba versions prior to 3.0.8 would only support reading the fully qualified username
+ (e.g.: <literal>DOMAIN\user</literal>) from
the username map when performing a kerberos login from a client. However, when looking up a map entry for a
user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent
behavior sometimes even on the same server.
<para>
When relying upon a external domain controller for validating authentication requests, smbd will apply the username map
- to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated.
+ to the fully qualified username (i.e. <literal>DOMAIN\user</literal>) only after the user has been successfully authenticated.
</para>
<para>
git.samba.org / ira / wip.git / commitdiff