storing our machine account name in secrets.tdb
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue Mar 13 16:19:44 GMT 2007
On Tue, Mar 13, 2007 at 05:46:47PM +0200, Michael Adda wrote:
> I see no problem with it in general, but care must be taken in order to
> reply with the old hostname when doing NTLMv2 authentication.
> Otherwise, I think this may break the case where
> NTLMSSP_CHAL_TARGET_INFO is set in ntlmssp_server_negotiate().
> My experience shows that DCs do not allow samlogons auths if there's a
> mismatch between the account name and the name in the challenge blob.
Sure, there are TONS of places where this needs to be
checked properly. Thanks for the heads-up!
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070313/affc94ca/attachment.bin
More information about the samba-technical
mailing list