domain_client_validate() in smbd/password.c
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Thu Feb 18 17:10:49 GMT 1999
On Thu, 18 Feb 1999, Jeremy Allison wrote:
> Ken Weaverling wrote:
> >
> >
> > I guess the design goal here is to make Samba as close to an NT server
> > clone as possible, including duplicating its limitations too?!?!?! ;-)
> >
>
> Well, not quite :-). All Samba does is forward the domain
> part of the users logon request to the domain controller
> in question in this case.
>
> This allows people with a domain infrastructure set up
> to have a Samba server allow user "DOM1\fred" access,
> but have "DOM2\fred" denied.
>
> By causing Samba to drop the "DOM" part of the user
> name the PDC will automatically assume it's own domain
> - which may not be what you want. For instance, "DOM1\fred"
> probably has a differnt password to "DOM2\fred", and
> if you just send the authentication request as "fred"
> to the PDC for DOM1, then a (potentially valid) DOM2\fred
> login would be denied.
>
> Maybe we could make it a parameter "force domain" or
> something to allow the Samba admin to force all domain
> logins to appear to be from a certain domain ?
jeremy,
the intention was to use "domain name map" to put entries line
DOM2\fred=fredd2
More information about the samba-technical
mailing list