NT user authentication

Luke Kenneth Casson Leighton lkcl at switchboard.net
Thu Dec 3 15:54:31 GMT 1998

On Thu, 3 Dec 1998, Jeremy Allison wrote:

> Andrej Borsenkow wrote:
> > 
> > I got this from a book on NT networking. Can anybody please comment on this?
> > This describes, how member of NT domain verifies remote logon request
> > 
> > 1. check (domain,user) with DC. If O.K. log user on as (domain,user)
> > 2. check user against local user database. If O.K., log on as local user
> > 3. if guest is allowed, log on as guest
> > 4. deny request
> > 
> > I am somewhay uneasy about 2 ...
> > 
> Yes this is how it works. It is also how Samba 2.0 works
> also.

it's how samba (all versions) have worked, up to the main branch, by
ignoring the domain parameter altogether.  except in "security  = server
or domain" where it checks the user/pass against the "password server"
parameter, which need not be _your_ pdc, just an SMB server (for security
= server) and which needs to be your pdc (for security = domain).

> Don't know about the HEAD branch as that has so
> widely diverged at the moment.

neither do i, exactly: the intention is to take user/pass/domain into
account not just user/pass.


More information about the samba-ntdom mailing list