domain_client_validate

Luke Kenneth Casson Leighton lkcl at regent.push.net
Wed Apr 29 10:32:44 GMT 1998


jeremy,

the domain passed to machine_password_lock() should be the domain that is
received in the OEM information of the SMBsesssetupX.  ok, not quite.

the OEM Domain info in the SesssetupX should be resolved by some means:
contact the DC for that domain and verify against that server.

on receipt of such a call, the server should check the domain name.  if
the domain name does not match the server's own domain, then the server
should _also_ do a [recursive] "network" or "interactive" login as
appropriate: this is what trusted domains is all about.

so i have an NT server contacting regent, a samba server, and i tell it to
contact the same NT server for its password database :-) :-)

except that the NT server is in domain DB and the samba server is in
domain TEST3.  so there is a little more work to do...

luke



More information about the samba-technical mailing list