domain_client_validate() in smbd/password.c
Nicolas Williams
Nicolas.Williams at wdr.com
Wed Feb 17 16:43:43 GMT 1999
But I thought that clients in domains other than the SMB server's should
be able to get validated, provided that their domains are trusted by the
SMB server's domain.
Is this not true?
Nico
On Thu, Feb 18, 1999 at 03:15:34AM +1100, Luke Kenneth Casson Leighton wrote:
> On Thu, 18 Feb 1999, Ken Weaverling wrote:
>
> > What am I missing here please...
> >
> > In domain_client_validate, it gets passed the domain name of the
> > client in char *domain. (in rev 2.0.2 at least)
> >
> > That eventually gets sent to the NT server in cli_nt_login_network().
> >
> > The problem I see is if the client's domain (workgroup) isn't the same as
> > the NT servers, it fails with NT_NO_SUCH_USER.
>
> absolutely correct behaviour.
>
> > The bottom-line of this is that samba in security=domain will not allow
> > anyone to authenticate unless their PC is in the same domain as Samba and
> > the NT password server. PCs in simple workgroups are locked out.
>
> correct.
>
> security = domain makes the samba server a member of the domain.
More information about the samba-technical
mailing list