smbd/reply.c 2.2.8a test local workgroup patch

Andrew Bartlett abartlet at
Sat Jun 21 00:28:11 GMT 2003

On Sat, 2003-06-21 at 07:30, Richard Sharpe wrote:
> On Fri, 20 Jun 2003, Matthew Moffitt wrote:
> > >Surely that means that you must have authentication information for all 
> > >users in two places: The domain they are in and the domain your Samba 
> > >server is in.
> > >
> > >If so, what about the headache of keeping the passwords sync'd?
> > 
> > Not so, the samba servewr is in the same domain as the users.  The 
> > problem is with people coming in from elsewhere (home, remote offices, 
> > external departments, etc).  In this case their computers are not in our 
> > domain, maybe not in any domain.
> > 
> > Simply put, when somebody is connecting to a server in MYDOMAIN I want 
> > it to look for their account in MYDOMAIN, not their home PC's workgroup.
> Ok, I now realize that the diff you sent me confused me as well. 
> We tend to like unified diffs around here (diff -u).
> I would be tempted to say that this sort of feature should be under the 
> control of a parameter, but we have too many parameters.

It already is :-).  Samba 3.0 have an 'allow trusted domains' parameter
(I'm pretty sure it must have been in 2.2. as well) and also takes some
pains to ensure that any specified username exists - ie the domain must
exist in the list of trusted domains.

I think this should solve all your problems.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list