domain_client_validate() in smbd/password.c

Luke Kenneth Casson Leighton lkcl at
Wed Feb 17 16:07:58 GMT 1999

On Thu, 18 Feb 1999, Ken Weaverling wrote:

> What am I missing here please...
> In domain_client_validate, it gets passed the domain name of the
> client in char *domain. (in rev 2.0.2 at least)
> That eventually gets sent to the NT server in cli_nt_login_network().
> The problem I see is if the client's domain (workgroup) isn't the same as
> the NT servers, it fails with NT_NO_SUCH_USER.

absolutely correct behaviour.
> The bottom-line of this is that samba in security=domain will not allow
> anyone to authenticate unless their PC is in the same domain as Samba and
> the NT password server. PCs in simple workgroups are locked out.


security = domain makes the samba server a member of the domain.

More information about the samba-technical mailing list