[PATCH] ADS "demote" fix
abartlet at samba.org
Sun Jul 20 06:28:19 GMT 2003
On Sun, 2003-07-20 at 11:55, Antti Andreimann wrote:
> Problem description:
> When non-kerberos client connects to samba the trust account in AD gets
> demoted to NT4.0 and kerberos tickets cease to work.
> Proposed solution:
> Disable winbind:domain authentication and use smbserver authentication
> instead in source/auth/auth.c
This is *compleatly* the wrong solution. It will only cause problems -
the smbserver authentication is not suitable for use in this situation.
See the documentation on 'security=server'.
We need to look into how we interact with AD, to find the correct
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030720/0221c4a9/attachment.bin
More information about the samba-technical