[PATCH]: wbc: expand wbcAuthUserParams to pass
alternate domain\user
Steven Danneman
steven.danneman at isilon.com
Tue May 19 23:03:54 GMT 2009
> Steven,
>
> If you disallow "username map" for local NLTMv2 support, would that
> simplify the problem? And secondly (forgive me if this is totally
> off the wall), could you not just retrieve the original target name
> from
> V2Response blob? I don't have a Vista client handy to verify
> the empty domain name right now. So I don't know if the "NetBios
> Hostname" (name type 0x1) is the same as the name used when generating
> the V2 Hash.
Hey Jerry,
Eliminating support for "username map" in conjunction with NTLMv2 would
remove the need to pass a second username through wbc. This is of
course a decent feature limitation.
As far as having the correct domain, which was used to create the hash,
from the V2Response blob, empirically I haven't seen this. From Vista,
if a NULL domain is sent, the V2Response blob still contains the NetBios
name of the server. I've attached a pcap.
-Steven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vista.pcap
Type: application/octet-stream
Size: 4480 bytes
Desc: vista.pcap
Url : http://lists.samba.org/archive/samba-technical/attachments/20090519/b51975b6/vista.obj
More information about the samba-technical
mailing list