domain_client_validate() in smbd/password.c

Luke Kenneth Casson Leighton lkcl at
Thu Feb 18 00:18:34 GMT 1999

On Wed, 17 Feb 1999, Matt Chapman wrote:

> Luke Kenneth Casson Leighton wrote:
> > nt-pdc1   nt-pdc2  samba-memberof-nt-pdc2
> >
> > trust between nt-pdc1 and nt-pdc2.  clients in nt-pdc2's domain can access
> > samba-memoberof-nt-pdc2.  clients in nt-pdc1: no, i don't think so.
> > maybe!  try it!
> Methinks it should work; the workstation-level SamLogon to pdc2 should
> be the same, and pdc2 is then responsible for the domain-level
> SamLogon to pdc1.

yeah.  samba should just pass-through the auth-info from the
client-of-nt-pdc1, domain-name and all, through to nt-pdc2.  nt-pdc2,
which has a working trust-relationship with nt-pdc1, should pass-through
to nt-pdc1.  nt-pdc1 verifies and it gets passed all the way back again.


More information about the samba-technical mailing list