Security Identifier (SID) to User Identifier (uid) ResolutionSystem
Luke Kenneth Casson Leighton
lkcl at samba.org
Thu Dec 30 20:21:03 GMT 1999
On Thu, 30 Dec 1999, Jeremy Allison wrote:
> Luke Kenneth Casson Leighton wrote:
> >
> > On Thu, 30 Dec 1999, Jeremy Allison wrote:
> >
> > > Nicolas Williams wrote:
> > > >
> > > > Ay! I have been looking at Samba 2.0.5a served shares from an NT4 host
> > > > since Tuesday, but I never tried using an NT account from a different
> > > > domain.
> > >
> > > It wil work in the same way that an NT server can cope with access from
> > > an account from another domain because the Samba server looks at the
> > > incoming name, not a SID.
> >
> > yes.
> >
> > this is something that _really_ bothers me. i consider it to be
> > unacceptable, especially as there are perfectly good schemes to fix this
> > problem.
>
> Why does it bother you. It's the same thing that NT
> does in this case :-).
>
> Jeremy.
of course it damn well isn't!!! have you ever actually examined
SMBsesssetupX traffic from trusted domains? i have, and the username,
domain name and password are _all_ passwd across.
to implement NTLMv2 correctly, i had to pass the NT client's username AND
domain name across, when received from the SMBsesssetupX request, because
it's used to calculate the HMAC_MD5 checksum on the NTv2 variable-length
password response.
More information about the samba-technical
mailing list