search

abbra / freeipa

Mirror of FreeIPA, an integrated security information management solution
http://www.freeipa.org
GNU General Public License v3.0
2 stars 1 forks source link

gc-wip: some user login formats are not supported for autologon #65

Closed wladich closed 3 years ago

wladich commented 3 years ago

Tested with autologon Windows feature (link) on AD controller and client machines.

I have also checked that all used login formats work for non-admin AD user.

With DefaultDomainName

DefaultUserName DefaultDomainName Login works
logintest testrelm.test -
logintest TESTRELM.TEST +
logintest Testrelm.Test -
logintest testrelm -
logintest TESTRELM -
logintest Testrelm -
LOGINTEST TESTRELM.TEST +
Logintest TESTRELM.TEST +

Without DefaultDomainName

DefaultUserName Login works
logintest@testrelm.test +
logintest@TESTRELM.TEST +
logintest@Testrelm.Test +
logintest@testrelm -
logintest@TESTRELM -
logintest@Testrelm -
testrelm.test\logintest -
TESTRELM.TEST\logintest +
Testrelm.Test\logintest -
testrelm\logintest -
TESTRELM\logintest -
Testrelm\logintest -
LOGINTEST@ipa.test +
Logintest@ipa.test +
IPA.TEST\LOGINTEST +
IPA.TEST\Logintest +

In all cases when login fails, Windows displays message "The user name or password is incorrect. Try again"

Is GC supposed to support all of those login formats?

wladich commented 3 years ago

Update: added mixed-case domain names and variants of user name in upper case

wladich commented 3 years ago

The table "Without DefaultDomainName" also applies to WinRM logons from Windows to Windows:

abbra commented 3 years ago

Moved this ticket to https://pagure.io/freeipa/issue/8733