trusted domains patch n+3
Andrew Bartlett
abartlet at samba.org
Fri Sep 6 22:43:01 GMT 2002
Rafal Szczesniak wrote:
>
> On Fri, Sep 06, 2002 at 05:01:25PM +0200, Simo Sorce wrote:
> > On Fri, 2002-09-06 at 16:37, Rafal Szczesniak wrote:
> > > On Fri, Sep 06, 2002 at 04:42:53PM +0200, Simo Sorce wrote:
> > > >
> > > > What are you trying to do there?
> > > > Why should we replace a domain name with another???
> > >
> > > For instance, when lp_allow_trusted_domains() is set to false,
> > > then user's domain name should is replaced with our domain name.
> > > Authentication modules will then look for username in our domain's
> > > SAM instead querying trusted domains.
> >
> > Can you explain me why we should not simply fail?
>
> In case of ?
OK, time for an explaination:
We can receive all sorts of things in the 'domain' feild from a client.
Mostly it's their current domain. If we are a standalone server, or
don't trust the domain they supplied, then we replace it with our own
for authenticaion.
Similarly if we are not using truste domains at all - then every login
gets changed to our local domain.
However, some parts of the code (NTLMv2 in particular) need the original
domain, so we keep that around.
Does that make a bit more sense?
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list