how flexible is domain authentication?
Andrew Bartlett
abartlet at samba.org
Sun Oct 26 21:34:09 GMT 2003
On Mon, 2003-10-27 at 06:50, Brandon Craig Rhodes wrote:
> Brandon Craig Rhodes <brandon at oit.gatech.edu> writes:
>
> > This sounds almost exactly like what we need; say, a configuration
> > file option "rewrite user domain = CAMPUS_AUTH" that causes all users
> > trying to authenticate to appear to be in the foreign "CAMPUS_AUTH"
> > domain, rather than in the local domain of the group-level server.
> >
> > ... Where in the code is the process you outlined above - where an
> > unrecognized client domain is rewritten - undertaken?
>
> Update: on a whim I searched the source tree for "unknown domain" and
> was whisked directly to the make_user_info_map() function which seems
> precisely the function I want to modify. I am going to try to add the
> above-described feature and may post a patch as early as tonight if it
> works, so others caught in our situation might find a way out.
Now I'm a bit confused - if this works, then simply joining the Samba
server to the CAMPUS_AUTH domain should also have 'just worked' (with
Samba 3.0), as the unknown client domains would have been mapped to
CAMPUS_AUTH.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031027/3f80d051/attachment.bin
More information about the samba-technical
mailing list