losing connections to password server
David Bear
David.Bear at asu.edu
Thu Jun 19 15:53:17 GMT 2003
"security = server" may be a nasty hack, but it is an important
'feature' in an organization like my university. We have centrally
managed services which include user accounts. This hack lets me add
users to samba services without having to manage accounts. I can't
beleive that there aren't more sys admins who haven't used this
feature.
I am reading the info at http://ubiqx.org/cifs/SMB.html#SMB.8.8 to
gain an understanding of the reasons for pass thru auth, but I'd vote
to have it improved as the problem mentioned at the start of this
thread is biting me more and more...
On Tue, May 27, 2003 at 04:32:33PM +0000, jra at dp.samba.org wrote:
> On Tue, May 27, 2003 at 09:38:16AM -0400, Brandon Craig Rhodes wrote:
> >
> > Why does server_validate() simply give up rather than re-establishing
> > its connection to the password server? Though I am not fluent in the
> > SMB protocol, perhaps the cluster server process passes along to its
> > client workstation the session key it receives from the password
> > server, which means the password hashes submitted by the client would
> > not work on a subsequent connection, whose session key would be
> > different. So server_validate() must give up.
>
> Indeed. That's why security = server is at best a nasty hack. Please
> use security = domain.
>
> Jeremy.
--
David Bear
phone: 480-965-8257
fax: 480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
"Beware the IP portfolio, everyone will be suspect of trespassing"
More information about the samba-technical
mailing list