question regarding NTLM authentication
simo
idra at samba.org
Wed May 24 02:53:07 GMT 2006
On Wed, 2006-05-24 at 08:32 +1000, Andrew Bartlett wrote:
> The first task is for someone to re-implement 'security=server' in
> Samba4, using the credentials system as the glue.
I would honestly like to NOT see security=server for samba4.
If you need to auth against a DC you can just use domain security,
that's right way to do it. I can understand why we made it into samba
and why we keep it in samba3 but I can't see why we should add something
like that in samba4.
In most cases it will not work anyway, today SMB signing is on by
default on most servers.
Let it just be a sort of hack in an auth module in security=user where
instead of checking the password locally we "check" it against a remote
server.
I would also like to start moving away from the "security=" way of doing
stuff and just use a role= parameter which makes much more sense.
Eg.
role = standalone
role = domain-member
role = domain-controller
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list