SAMLOGON UDP request
Jean Francois Micouleau
Jean-Francois.Micouleau at dalalu.fr
Fri Dec 11 18:33:26 GMT 1998
On Sat, 12 Dec 1998, Andrej Borsenkow wrote:
> This logon request has also some bits that are not used currently. It
> explicitly sets "workstation trust account" bit. Do we have this currently
> in smbpasswd?
Yep. Check the private/smbpasswd file, the field enclosed in brace defines
the kind of account and other things.
This can eliminate need to have "users" for workstations in
> /etc/passwd at all.
Nope. To have an account in smbpasswd, those account must be in
etc/passwd. Samba is based on unix security.
> And now I begin to understand how trust work ... It creates account for
> trusting domain in trusted domain (yes, we have trust here) and when it gets
> session setup for user from trusted domain, it sends SAMLOGON with "domain
> trust account" bit set, and then simply uses passthrough authentication ...
> Sounds easy, eh ?
Yep, I'm curious to see the network trace when you establish the trust
> It means, that smbpasswd has to have flags "WS accounts", "domain account",
It already have the Ws account flag -> -m
> "user account" ... and nmbd should have access to it :)
> looks like it
Yep but there is still the dependency to solve.
More information about the samba-technical