smbd/reply.c 2.2.8a test local workgroup patch

Matthew Moffitt moffitt.10 at
Fri Jun 20 22:29:48 GMT 2003

>On Fri, 20 Jun 2003, Matthew Moffitt wrote:
> > >Surely that means that you must have authentication information for all
> > >users in two places: The domain they are in and the domain your Samba
> > >server is in.
> > >
> > >If so, what about the headache of keeping the passwords sync'd?
> >
> > Not so, the samba server is in the same domain as the users.  The
> > problem is with people coming in from elsewhere (home, remote offices,
> > external departments, etc).  In this case their computers are not in our
> > domain, maybe not in any domain.
> >
> > Simply put, when somebody is connecting to a server in MYDOMAIN I want
> > it to look for their account in MYDOMAIN, not their home PC's workgroup.
>Ok, I now realize that the diff you sent me confused me as well.
>We tend to like unified diffs around here (diff -u).

Noted.  Sorry for the confusion with the original patch, I included the
unified diff below in case it's still useful.

>I would be tempted to say that this sort of feature should be under the
>control of a parameter, but we have too many parameters.

Originally I planned to create a new option, something like 'force default 
if I ONLY wanted to have it check against the local known domain.  However
since Windows servers appear to operate in the same way the patched smbd does
it I couldn't really justify the investment to make it a distinct option.

Incidentally before I ever tangled with this I looked for an elegant solution
and found quite a few others reporting the same confusion in the past and 
to the DOMAIN\USERNAME route.  This would be a lot of work for me and was
the only thing keeping me from switching to domain authentication mode so
I didn't want to do that.

I guess that's the nice thing about having the source available... so
I was trying to share the changes that worked for me.  I still hope it's
useful (I'm not eager to create future local patches every time I upgrade!).


--- smbd/reply.c        Fri Jun 20 14:33:22 2003
+++ smbd/reply.c.orig   Fri Jun 20 13:12:17 2003
@@ -978,11 +978,8 @@
           smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
        !check_domain_security(orig_user, domain, user, smb_apasswd,
           smb_apasslen, smb_ntpasswd, smb_ntpasslen, &ptok) &&
-      !check_domain_security(orig_user, lp_workgroup(), user, smb_apasswd,
-         smb_apasslen, smb_ntpasswd, smb_ntpasslen, &ptok) &&

       * If we get here then the user wasn't guest and the remote
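
Review bot: The file headers are reversed: `--- smbd/reply.c` is the modified file and `+++ smbd/reply.c.orig` is the original, so the two `check_domain_security(orig_user, lp_workgroup(), ...)` lines that implement the local-workgroup fallback appear as `-` removals. Applied as posted, the patch would strip the fallback instead of adding it; regenerate it with the original file first (diff -u smbd/reply.c.orig smbd/reply.c). On the logic itself, when the client-supplied `domain` already matches `lp_workgroup()`, the second call repeats the same failed check with the same password data, so one bad logon is tried twice against the same domain. Skipping the second call when the two names are equal would avoid the duplicate attempt. A short comment above the new call saying why the client's domain is retried as the local workgroup would also help later readers of this condition chain.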
