[PATCH] ADS "demote" fix

Antti Andreimann Antti.Andreimann at mail.ee
Sun Jul 20 01:55:20 GMT 2003


Problem description:
When non-kerberos client connects to samba the trust account in AD gets
demoted to NT4.0 and kerberos tickets cease to work.

Proposed solution:
Disable winbind:domain authentication and use smbserver authentication
instead in source/auth/auth.c

Implementation status:
Included patch implements the change. It should apply cleanly to 3.0.0beta3
as well as to CVS as of 20.07.2003 01:00 GMT

Testing status:
I have tested the change on alpha24 (and it is able to "fool" the AD), but
not on beta3 or latest CVS, however the change is so trivial it should
Marc, can You please test it in Your environment and report if it helped
with the demotion problem?

          Antti Andreimann
      Using Linux since 1993
  Member of ELUG since 29.01.2000

More information about the samba-technical mailing list