trusted domains patch n+3

Andrew Bartlett abartlet at
Fri Sep 6 22:43:01 GMT 2002

Rafal Szczesniak wrote:
> On Fri, Sep 06, 2002 at 05:01:25PM +0200, Simo Sorce wrote:
> > On Fri, 2002-09-06 at 16:37, Rafal Szczesniak wrote:
> > > On Fri, Sep 06, 2002 at 04:42:53PM +0200, Simo Sorce wrote:
> > > >
> > > > What are you trying to do there?
> > > > Why should we replace a domain name with another???
> > >
> > > For instance, when lp_allow_trusted_domains() is set to false,
> > > then user's domain name should is replaced with our domain name.
> > > Authentication modules will then look for username in our domain's
> > > SAM instead querying trusted domains.
> >
> > Can you explain me why we should not simply fail?
> In case of ?

OK, time for an explaination:

We can receive all sorts of things in the 'domain' feild from a client. 
Mostly it's their current domain.  If we are a standalone server, or
don't trust the domain they supplied, then we replace it with our own
for authenticaion.  

Similarly if we are not using truste domains at all - then every login
gets changed to our local domain.  

However, some parts of the code (NTLMv2 in particular) need the original
domain, so we keep that around.

Does that make a bit more sense?

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list