Patch: Overriding domain in security=domain mode

Martin Buck martin.buck at
Wed Jun 13 12:11:49 GMT 2001

Here is a patch that makes Samba a bit more clever when it tries to
authenticate a client with a DC.

Up to now, samba always sent the domain passed by the client to the DC
together with the user name/password. This is what an NT server which is
a domain member does as well. However, if you're trying to connect to a
share served by an NT PDC/BDC itself, it will also try its own domain
name in addition to the one sent by the client. This would be useful
behaviour, if it were done consistently, i.e. on NT domain member
servers as well as NT DCs.

Of course, with samba we've got the possibility to do it right. The
attached patch (against cvs branch SAMBA_2_2) implements a new config
option that allows samba to override the domain sent by the client.
Please see the manpage-patch and the threads "Overriding domain in
security=domain mode?" and "2.2.0 pass thru validation" on
samba-technical (May 2001) for more details.

On request, I could also provide patches against CVS-trunk (only if
somebody promises that it actually gets included there :-) or release
2.0.8/9 and 2.2.0 (for the folks on samba-technical).

Martin Buck
Ascom Systec AG, Applicable Research & Technology
Gewerbepark, CH-5506 Maegenwil
Phone: +41-62-889-5292, Fax: -5290
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-cvs220-workgroupoverride.diff.gz
Type: application/x-gzip
Size: 2544 bytes
Desc: not available
Url :

More information about the samba-technical mailing list