patch: additional parameter for domain mapping

Martin Bahlinger ry42 at rz.uni-karlsruhe.de
Thu Oct 24 15:41:03 GMT 2002 

Hi!

Our samba servers here are members of a win2k domain and authenticate
users against the win2k domain controllers. So when connecting to a
samba share you have to supply the Username AND the correct domain name.

Well, everything is fine when connecting from computers belonging to the
same domain. But when connecting from anywhere else, you have to supply
your Username like "DOMAIN\user". This is a problem with pc's running
win95 or win98. They supply automatically their own Domain and you
cannot choose a different one.

Therefore I added the boolean smb.conf parameter "map domains". When
set, all connections will be treated as having supplied the Domain the
samba server belongs to.

In the case of anyone also being in need of this feature...
here is the patch for 2.2.6:


diff -ru samba-2.2.6/source/include/proto.h samba-2.2.6-map-domains/source/include/proto.h
--- samba-2.2.6/source/include/proto.h	Wed Oct 16 06:30:55 2002
+++ samba-2.2.6-map-domains/source/include/proto.h	Wed Oct 23 13:45:11 2002
@@ -2021,6 +2021,7 @@
  BOOL lp_nt_status_support(void);
  BOOL lp_stat_cache(void);
  BOOL lp_allow_trusted_domains(void);
+BOOL lp_map_domains(void);
  BOOL lp_restrict_anonymous(void);
  BOOL lp_lanman_auth(void);
  BOOL lp_host_msdfs(void);
Only in samba-2.2.6-map-domains/source/include: proto.h~
diff -ru samba-2.2.6/source/param/loadparm.c samba-2.2.6-map-domains/source/param/loadparm.c
--- samba-2.2.6/source/param/loadparm.c	Wed Oct 16 06:30:57 2002
+++ samba-2.2.6-map-domains/source/param/loadparm.c	Wed Oct 23 13:45:11 2002
@@ -276,6 +276,7 @@
  	BOOL bStatCache;
  	BOOL bKernelOplocks;
  	BOOL bAllowTrustedDomains;
+ 
BOOL bMapDomains;
  	BOOL bRestrictAnonymous;
  	BOOL bLanmanAuth;
  	BOOL bDebugHiresTimestamp;
@@ -734,6 +735,7 @@
  	{"encrypt passwords", P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC | FLAG_WIZARD},
  	{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
  	{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, 0},
+ 
{"map domains", P_BOOL, P_GLOBAL, &Globals.bMapDomains, NULL, NULL, 0},
  	{"alternate permissions", P_BOOL, P_LOCAL, &sDefault.bAlternatePerm, NULL, NULL, FLAG_GLOBAL | FLAG_DEPRECATED},
  	{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, 0},
  	{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, 0},
@@ -1668,6 +1670,7 @@
  FN_GLOBAL_BOOL(lp_nt_status_support, &Globals.bNTStatusSupport)
  FN_GLOBAL_BOOL(lp_stat_cache, &Globals.bStatCache)
  FN_GLOBAL_BOOL(lp_allow_trusted_domains, &Globals.bAllowTrustedDomains)
+FN_GLOBAL_BOOL(lp_map_domains, &Globals.bMapDomains)
  FN_GLOBAL_BOOL(lp_restrict_anonymous, &Globals.bRestrictAnonymous)
  FN_GLOBAL_BOOL(lp_lanman_auth, &Globals.bLanmanAuth)
  FN_GLOBAL_BOOL(lp_host_msdfs, &Globals.bHostMSDfs)
Only in samba-2.2.6-map-domains/source/param: loadparm.c~
diff -ru samba-2.2.6/source/smbd/reply.c samba-2.2.6-map-domains/source/smbd/reply.c
--- samba-2.2.6/source/smbd/reply.c	Wed Oct  9 22:27:23 2002
+++ samba-2.2.6-map-domains/source/smbd/reply.c	Wed Oct 23 13:45:11 2002
@@ -853,7 +853,10 @@
       * to UNIX.
       */
      pstrcpy(user,dos_to_unix_static(user));
-    fstrcpy(domain, dos_to_unix_static(p));
+    if (lp_map_domains())
+      fstrcpy(domain, dos_to_unix_static(lp_workgroup()));
+    else
+      fstrcpy(domain, dos_to_unix_static(p));
      DEBUG(3,("Domain=[%s]  NativeOS=[%s] NativeLanMan=[%s]\n",
  	     domain,skip_string(p,1),skip_string(p,2)));
    }

More information about the samba-technical mailing list