[PATCH] ADS "demote" fix
Andrew Bartlett
abartlet at samba.org
Sun Jul 20 06:28:19 GMT 2003
On Sun, 2003-07-20 at 11:55, Antti Andreimann wrote:
> Hi!
>
> Problem description:
> When a non-kerberos client connects to samba, the trust account in AD gets
> demoted to NT4.0 and kerberos tickets cease to work.
>
> Proposed solution:
> Disable winbind:domain authentication and use smbserver authentication
> instead in source/auth/auth.c
This is *completely* the wrong solution. It will only cause problems -
the smbserver authentication is not suitable for use in this situation.
See the documentation on 'security=server'.
We need to look into how we interact with AD, to find the correct
schannel/netlogon sequence.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net