domain_client_validate() in smbd/password.c

Nicolas Williams Nicolas.Williams at
Wed Feb 17 16:43:43 GMT 1999

But I thought that clients in domains other than the SMB server's should
be able to get validated, provided that their domains are trusted by the
SMB server's domain.

Is this not true?


On Thu, Feb 18, 1999 at 03:15:34AM +1100, Luke Kenneth Casson Leighton wrote:
> On Thu, 18 Feb 1999, Ken Weaverling wrote:
> > What am I missing here please...
> > 
> > In domain_client_validate, it gets passed the domain name of the
> > client in char *domain. (in rev 2.0.2 at least)
> > 
> > That eventually gets sent to the NT server in cli_nt_login_network().
> > 
> > The problem I see is if the client's domain (workgroup) isn't the same as
> > the NT servers, it fails with NT_NO_SUCH_USER.
> absolutely correct behaviour.
> > The bottom-line of this is that samba in security=domain will not allow
> > anyone to authenticate unless their PC is in the same domain as Samba and
> > the NT password server. PCs in simple workgroups are locked out.
> correct.
> security = domain makes the samba server a member of the domain.

More information about the samba-technical mailing list