domain_client_validate() in smbd/password.c

Luke Kenneth Casson Leighton lkcl at switchboard.net
Wed Feb 17 16:07:58 GMT 1999


On Thu, 18 Feb 1999, Ken Weaverling wrote:

> What am I missing here please...
> 
> In domain_client_validate, it gets passed the domain name of the
> client in char *domain. (in rev 2.0.2 at least)
> 
> That eventually gets sent to the NT server in cli_nt_login_network().
> 
> The problem I see is if the client's domain (workgroup) isn't the same as
> the NT servers, it fails with NT_NO_SUCH_USER.

absolutely correct behaviour.
 
> The bottom-line of this is that samba in security=domain will not allow
> anyone to authenticate unless their PC is in the same domain as Samba and
> the NT password server. PCs in simple workgroups are locked out.

correct.

security = domain makes the samba server a member of the domain.



More information about the samba-technical mailing list