2.2.0 pass thru validation

Gerald Carter gcarter at valinux.com
Wed May 9 16:24:10 GMT 2001

On Wed, 9 May 2001, MCCALL,DON (HP-USA,ex1) wrote:

> Hi Gerald,
> I think we're all missing the point a bit here - when samba is in
> security = domain mode, it is emulating a MEMBER server in the NT
> domain, NOT the PDC.  So for us to change the code to do what a PDC
> would do seems wrong to me. Indeed, if you login to your NT
> workstation with your workstation name as the domain (or are in
> another domain than the pdc), if you try to connect to the PDC, the
> pdc WILL fallback to seeing if the username is in its OWN domain with
> the correct password. BUT - if you try to attach to a (for instance
> Advanced Server for Unix) MEMBER server in a domain other than your
> own in this fashion, that member server will behave precisely as Samba
> does; it will NOT try it's own domain name after it receives the rpc
> replies etc. from the PDC, but instead will come up and require you to
> enter a domainname\username password pair that is valid. So based on
> this, I would say that Samba in DOMAIN level security is behaving
> appropriately.

ok.  That's what I was curious about.  This is not how I
remember it though.  What I thought I remembered was that NT has
an implied "trust" among usernames with the same password.

I will test this though.  Let me get back to you in a little while.

   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-technical mailing list