domain_client_validate() in smbd/password.c
Jeremy Allison
jallison at cthulhu.engr.sgi.com
Thu Feb 18 01:18:57 GMT 1999
Ken Weaverling wrote:
>
>
> I guess the design goal here is to make Samba as close to an NT server
> clone as possible, including duplicating its limitations too?!?!?! ;-)
>
Well, not quite :-). All Samba does is forward the domain
part of the users logon request to the domain controller
in question in this case.
This allows people with a domain infrastructure set up
to have a Samba server allow user "DOM1\fred" access,
but have "DOM2\fred" denied.
By causing Samba to drop the "DOM" part of the user
name the PDC will automatically assume it's own domain
- which may not be what you want. For instance, "DOM1\fred"
probably has a differnt password to "DOM2\fred", and
if you just send the authentication request as "fred"
to the PDC for DOM1, then a (potentially valid) DOM2\fred
login would be denied.
Maybe we could make it a parameter "force domain" or
something to allow the Samba admin to force all domain
logins to appear to be from a certain domain ?
Cheers,
Jeremy Allison,
Samba Team.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list