CVS update: samba/source/rpc_server

abartlet at samba.org
Sun Mar 3 14:56:54 EST 2002


Date:	Sat Mar  2 19:56:53 2002
Author:	abartlet

Update of /data/cvs/samba/source/rpc_server
In directory va:/tmp/cvs-serv1008/rpc_server

Modified Files:
	srv_netlog_nt.c 
Log Message:
This patch allows NT4 domains to trust Samba.

Simply add an account (smbpasswd -a -i REMOTEDOM) and join with 'user manager'
on the remote domain.

The only issue (at the auth level at least) that prevented NT4 domains from
trusting Samba was that our netlogon code was based on what appear to be
invalid assumptions.

The netlogon code appears to assume that the 'client name' specified
corresponds to an account of the same form.  This doesn't apply in trusted
domains, because the account is in the form domain$.

Now that we use the supplied account name, and no longer make our access
control checks at the challenge stage (where this info is unavailable) we
match the Win2k behaviour for invalid machine logins, and don't need to know
the names of PDCs/BDCs in trusting domains.

We also kill off the 'you logged on with a machine account, use your user
account' error message, because the previous NT_STATUS return was completely
bogus.  (The ACCESS_DENIED we now return matches Win2k, and gives sane error
messages on the client).

TNG doesn't use this and has to do magic password syncs between the various
accounts for domain/pdc/bdc.  This patch feels like the much more natural way
of doing things, and has been mildly tested.

Andrew Bartlett


Revisions:
srv_netlog_nt.c		1.52 => 1.53
	http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_netlog_nt.c?r1=1.52&r2=1.53



