domain_client_validate() in smbd/password.c
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Wed Feb 17 16:53:08 GMT 1999
this requires a trust relationship between the two PDCs (not SMB servers)
and we haven't done that yet, sorry.
On Thu, 18 Feb 1999, Nicolas Williams wrote:
>
> But I thought that clients in domains other than the SMB server's should
> be able to get validated, provided that their domains are trusted by the
> SMB server's domain.
>
> Is this not true?
>
> Nico
>
>
> On Thu, Feb 18, 1999 at 03:15:34AM +1100, Luke Kenneth Casson Leighton wrote:
> > On Thu, 18 Feb 1999, Ken Weaverling wrote:
> >
> > > What am I missing here please...
> > >
> > > In domain_client_validate, it gets passed the domain name of the
> > > client in char *domain. (in rev 2.0.2 at least)
> > >
> > > That eventually gets sent to the NT server in cli_nt_login_network().
> > >
> > > The problem I see is if the client's domain (workgroup) isn't the same as
> > > the NT servers, it fails with NT_NO_SUCH_USER.
> >
> > absolutely correct behaviour.
> >
> > > The bottom-line of this is that samba in security=domain will not allow
> > > anyone to authenticate unless their PC is in the same domain as Samba and
> > > the NT password server. PCs in simple workgroups are locked out.
> >
> > correct.
> >
> > security = domain makes the samba server a member of the domain.
>
<a href="mailto:lkcl at samba.anu.edu.au" > Luke Kenneth Casson Leighton </a>
<a href="http://mailhost.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://www.samba.co.uk" > Samba and Network Consultancy </a>
More information about the samba-technical
mailing list