smbd/reply.c 2.2.8a test local workgroup patch
Matthew Moffitt
moffitt.10 at osu.edu
Fri Jun 20 22:29:48 GMT 2003
>On Fri, 20 Jun 2003, Matthew Moffitt wrote:
>
> > >Surely that means that you must have authentication information for all
> > >users in two places: The domain they are in and the domain your Samba
> > >server is in.
> > >
> > >If so, what about the headache of keeping the passwords sync'd?
> >
> > Not so, the samba servewr is in the same domain as the users. The
> > problem is with people coming in from elsewhere (home, remote offices,
> > external departments, etc). In this case their computers are not in our
> > domain, maybe not in any domain.
> >
> > Simply put, when somebody is connecting to a server in MYDOMAIN I want
> > it to look for their account in MYDOMAIN, not their home PC's workgroup.
>
>Ok, I now realize that the diff you sent me confused me as well.
>
>We tend to like unified diffs around here (diff -u).
Noted. Sorry for the confusion with the original patch, I included the
unified diff
it below in case it's still useful.
>I would be tempted to say that this sort of feature should be under the
>control of a parameter, but we have too many parameters.
Originally I planned to create a new option, something like 'force default
workgroup',
if I ONLY wanted to have it check against the local known domain. However
since Windows servers appear to operate in the same way the patched smbd does
it I couldn't really justify the investment to make it a distinct option.
Incidentally before I ever tangled with this I looked for an elegant solution
and found quite a few others reporting the same confusion in the past and
resorting
to the DOMAIN\USERNAME route. This would be a lot of work for me and was
the only thing keeping me from switching to domain authentication mode so
I didn't want to do that.
I guess that's the nice thing about having the source available... so
I was trying to share the changes that worked for me. I still hope it's
useful (I'm
not eager to create future local patches every time I upgrade!).
-Matt
--- smbd/reply.c Fri Jun 20 14:33:22 2003
+++ smbd/reply.c.orig Fri Jun 20 13:12:17 2003
@@ -978,11 +978,8 @@
smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
!check_domain_security(orig_user, domain, user, smb_apasswd,
smb_apasslen, smb_ntpasswd, smb_ntpasslen, &ptok) &&
- !check_domain_security(orig_user, lp_workgroup(), user, smb_apasswd,
- smb_apasslen, smb_ntpasswd, smb_ntpasslen, &ptok) &&
!check_hosts_equiv(user))
{
-
/*
* If we get here then the user wasn't guest and the remote
More information about the samba-technical
mailing list