[PATCH] NTLMSSP DNS domain name

Stefan (metze) Metzmacher metze at metzemix.de
Wed Sep 18 08:06:02 GMT 2002

Hi Andrew,

I found out something strange...
If we have a realm in smb.conf, it is sent as DNS domain name in NTLMSSP.
This causes XP (and I think w2k too) to think our samba is an ADS DC and 
try to find it via DNS and other ADS stuff later.
The domain join works fine, but if someone tries to log in the domain is 
It all works fine if 'realm = ' is empty at domain join time.
I would prefer that we make it depend on lp_security() == SEC_ADS if we 
should send lp_realm() or "" as DNS Domain.

This patch should solve this problem.

Stefan "metze" Metzmacher <metze at metzemix.de>
-------------- next part --------------
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/smbd/sesssetup.c HEAD-fix/source/smbd/sesssetup.c
--- HEAD/source/smbd/sesssetup.c	Sat Sep  7 18:02:02 2002
+++ HEAD-fix/source/smbd/sesssetup.c	Wed Sep 18 09:53:23 2002
@@ -322,12 +322,12 @@ static int reply_spnego_negotiate(connec
-		fstrcpy(dnsdomname, lp_realm());
+		fstrcpy(dnsdomname, (SEC_ADS == lp_security())?lp_realm():"");
 		fstrcpy(dnsname, global_myname);
 		fstrcat(dnsname, ".");
-		fstrcat(dnsname, lp_realm());
+		fstrcat(dnsname, dnsdomname);
 		msrpc_gen(&struct_blob, "aaaaa",
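Review bot: The unchanged fstrcat(dnsname, ".") still runs when dnsdomname is "", so in the non-ADS case dnsname ends up as global_myname followed by a trailing dot. Append the "." and dnsdomname only when dnsdomname is non-empty, so the name built here is either a full host.domain name or the bare host name. A one-line comment above the fstrcpy saying why the realm is only used with SEC_ADS (per the mail, XP treats a non-empty DNS domain as a sign of an ADS DC) would also help the next reader, and spaces around the ?: operands would make the condition easier to read.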
