[PATCH] ADS "demote" fix
Antti.Andreimann at mail.ee
Sun Jul 20 13:47:04 GMT 2003
Andrew Bartlett wrote:
> This is *compleatly* the wrong solution. It will only cause problems -
> the smbserver authentication is not suitable for use in this situation.
> See the documentation on 'security=server'.
I know it's a hack, but it was the only protocol I did get to actually work
to authenticate non-kerberos users against AD.
Yes you have to set password server = <AD-s NETBIOS NAME> in smb.conf.
The alternative would have been to remove the winbind:ntdomain and rely only
on kerberos tickets, kicking all Win9x boxes in the butt (well on the other
thought, it might not be such a bad idea anyways ;).
W2k is using something completely different in this situation that is not
supported by anything that exists in auth/auth_*. Im not that proficent in
reading smb authentication dumps to correctly identify it, however I still
should have this dump somewhere so I'l do some digging and I will post it
here when I find it.
Using Linux since 1993
Member of ELUG since 29.01.2000
More information about the samba-technical