trusted domains patch n+3

Rafal Szczesniak mimir at diament.ists.pwr.wroc.pl
Sat Sep 7 11:08:00 GMT 2002


On Sat, Sep 07, 2002 at 12:54:47PM +0200, Simo Sorce wrote:
> I tested yesterday against w2k, if you passa bogis domain name it simply
> ignore and try against the local sam.

And that's what we can do as well. The thing is that it tries against
local sam instead of returning error.
This is what make_user_info_map is for. We can put our domain name
into auth_usersupplied_info.domain and behave just like you tested.
We can be even more secure and refuse some connections.

> > On Sat, Sep 07, 2002 at 02:11:05AM +0200, Simo Sorce wrote:
> > > Ok, that was clear, what I want to ask, is: why should we try to logon a
> > > user that provides bad information? Shouldn't we simply deny it with an
> > > error? How do NT behaves in such situations?
> > 
> > In case of incorrect credentials passed when attempting to connect,
> > NT prompts you to enter username and password. Just like completely
> > new logon to remote server's SAM.
> > 
> > 
> > 
> > -- 
> > cheers,
> > +------------------------------------------------------------+
> > |Rafal 'Mimir' Szczesniak <mimir at diament.ists.pwr.wroc.pl>   |
> > |*BSD, GNU/Linux and Samba                                  /
> > |__________________________________________________________/
> -- 
> Simo Sorce - simo.sorce at xsec.it
> Xsec s.r.l.
> via Durando 10 Ed. G - 20158 - Milano
> tel. +39 02 2399 7130 - fax: +39 02 700 442 399



-- 
cheers,
+------------------------------------------------------------+
|Rafal 'Mimir' Szczesniak <mimir at diament.ists.pwr.wroc.pl>   |
|*BSD, GNU/Linux and Samba                                  /
|__________________________________________________________/



More information about the samba-technical mailing list