domain_client_validate() in smbd/password.c

Jeremy Allison jallison at
Thu Feb 18 01:18:57 GMT 1999

Ken Weaverling wrote:
> I guess the design goal here is to make Samba as close to an NT server
> clone as possible, including duplicating its limitations too?!?!?! ;-)

Well, not quite :-). All Samba does is forward the domain
part of the users logon request to the domain controller
in question in this case.

This allows people with a domain infrastructure set up
to have a Samba server allow user "DOM1\fred" access,
but have "DOM2\fred" denied.

By causing Samba to drop the "DOM" part of the user
name the PDC will automatically assume it's own domain
- which may not be what you want. For instance, "DOM1\fred"
probably has a differnt password to "DOM2\fred", and
if you just send the authentication request as "fred"
to the PDC for DOM1, then a (potentially valid) DOM2\fred
login would be denied.

Maybe we could make it a parameter "force domain" or
something to allow the Samba admin to force all domain
logins to appear to be from a certain domain ?


	Jeremy Allison,
	Samba Team.

Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list