domain_client_validate() in smbd/password.c
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Wed Feb 17 16:07:58 GMT 1999
On Thu, 18 Feb 1999, Ken Weaverling wrote:
> What am I missing here please...
> In domain_client_validate, it gets passed the domain name of the
> client in char *domain. (in rev 2.0.2 at least)
> That eventually gets sent to the NT server in cli_nt_login_network().
> The problem I see is if the client's domain (workgroup) isn't the same as
> the NT servers, it fails with NT_NO_SUCH_USER.
absolutely correct behaviour.
> The bottom-line of this is that samba in security=domain will not allow
> anyone to authenticate unless their PC is in the same domain as Samba and
> the NT password server. PCs in simple workgroups are locked out.
security = domain makes the samba server a member of the domain.
More information about the samba-technical