NT user authentication
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Thu Dec 3 15:54:31 GMT 1998
On Thu, 3 Dec 1998, Jeremy Allison wrote:
> Andrej Borsenkow wrote:
> >
> > I got this from a book on NT networking. Can anybody please comment on this?
> > This describes, how member of NT domain verifies remote logon request
> >
> > 1. check (domain,user) with DC. If O.K. log user on as (domain,user)
> > 2. check user against local user database. If O.K., log on as local user
> > 3. if guest is allowed, log on as guest
> > 4. deny request
> >
> > I am somewhay uneasy about 2 ...
> >
>
> Yes this is how it works. It is also how Samba 2.0 works
> also.
it's how samba (all versions) have worked, up to the main branch, by
ignoring the domain parameter altogether. except in "security = server
or domain" where it checks the user/pass against the "password server"
parameter, which need not be _your_ pdc, just an SMB server (for security
= server) and which needs to be your pdc (for security = domain).
> Don't know about the HEAD branch as that has so
> widely diverged at the moment.
neither do i, exactly: the intention is to take user/pass/domain into
account not just user/pass.
luke
More information about the samba-ntdom
mailing list