NT user authentication
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Thu Dec 3 15:54:31 GMT 1998
On Thu, 3 Dec 1998, Jeremy Allison wrote:
> Andrej Borsenkow wrote:
> > I got this from a book on NT networking. Can anybody please comment on this?
> > This describes, how member of NT domain verifies remote logon request
> > 1. check (domain,user) with DC. If O.K. log user on as (domain,user)
> > 2. check user against local user database. If O.K., log on as local user
> > 3. if guest is allowed, log on as guest
> > 4. deny request
> > I am somewhay uneasy about 2 ...
> Yes this is how it works. It is also how Samba 2.0 works
it's how samba (all versions) have worked, up to the main branch, by
ignoring the domain parameter altogether. except in "security = server
or domain" where it checks the user/pass against the "password server"
parameter, which need not be _your_ pdc, just an SMB server (for security
= server) and which needs to be your pdc (for security = domain).
> Don't know about the HEAD branch as that has so
> widely diverged at the moment.
neither do i, exactly: the intention is to take user/pass/domain into
account not just user/pass.
More information about the samba-ntdom