winbindd vs. lsarpcd/netlogond

Elrond elrond at
Thu Jul 13 13:36:48 GMT 2000

On Thu, Jul 13, 2000 at 11:14:42PM +1000, Luke Kenneth Casson Leighton wrote:
> > Okay: I said above, that trust-account-checking is realy
> > the job of netlogond/lsarpcd:
> > 
> it's handled in samba by responding to a NETLOGON request with
> this gets passed down from netlogond remotely to domain_client_validate()
> which is called from password_ok() which is called from
> reply_sesssetup_andx.
> in this way, a consistent interface gives the means to validate a trust
> account from an SMBsesssetupX.
> ... which is a security risk that i *think* ms removed in SP6, returning

There must also exist an "official way", because netdom can
do it...

But the above could be used, until we know and have
implemented the "official way".


More information about the samba-technical mailing list