[PATCH]: wbc: expand wbcAuthUserParams to pass alternate domain\user

Steven Danneman steven.danneman at isilon.com
Tue May 19 23:03:54 GMT 2009


> Steven,
> 
> If you disallow "username map" for local NTLMv2 support, would that
> simplify the problem?  And secondly (forgive me if this is totally
> off the wall), could you not just retrieve the original target name
> from V2Response blob?  I don't have a Vista client handy to verify
> the empty domain name right now.  So I don't know if the "NetBios
> Hostname" (name type 0x1) is the same as the name used when generating
> the V2 Hash.

Hey Jerry,

Eliminating support for "username map" in conjunction with NTLMv2 would
remove the need to pass a second username through wbc.  This is of
course a decent feature limitation.

As far as having the correct domain, which was used to create the hash,
from the V2Response blob, empirically I haven't seen this.  From Vista,
if a NULL domain is sent, the V2Response blob still contains the NetBios
name of the server.  I've attached a pcap.

-Steven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vista.pcap
Type: application/octet-stream
Size: 4480 bytes
Desc: vista.pcap
Url : http://lists.samba.org/archive/samba-technical/attachments/20090519/b51975b6/vista.obj
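
Added example, not part of the original post and not Samba code: a server-side sketch of why the name in the V2Response blob cannot stand in for the domain that went into the hash. It follows the MS-NLMP definitions of NTOWFv2 and NTProofStr and assumes the client hashes the same (empty) domain it sent; the function names, the user "alice", the server name "FILESRV" and the key and challenge bytes are all constructed for illustration.

```python
import hashlib
import hmac
import struct

MSV_AV_EOL, MSV_AV_NB_COMPUTER_NAME = 0x0, 0x1

def ntowf_v2(nt_hash, user, domain):
    # MS-NLMP NTOWFv2: HMAC-MD5 keyed by the NT hash over UTF-16LE(upper(user) + domain).
    data = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, data, hashlib.md5).digest()

def nt_proof(nt_hash, user, domain, server_challenge, blob):
    # NTProofStr: HMAC-MD5 keyed by NTOWFv2 over server challenge + client blob.
    key = ntowf_v2(nt_hash, user, domain)
    return hmac.new(key, server_challenge + blob, hashlib.md5).digest()

def build_blob(av_pairs):
    # 28-byte NTLMv2_CLIENT_CHALLENGE header (constructed: zero timestamp and
    # client challenge), then the AV_PAIR list closed by MsvAvEOL.
    out = bytearray(b"\x01\x01" + bytes(26))
    for av_id, text in av_pairs:
        raw = text.encode("utf-16-le")
        out += struct.pack("<HH", av_id, len(raw)) + raw
    return bytes(out + struct.pack("<HH", MSV_AV_EOL, 0))

def parse_av_pairs(blob):
    # Walk the AV_PAIR list after the fixed header; stop at MsvAvEOL or truncation.
    pairs, off = {}, 28
    while off + 4 <= len(blob):
        av_id, av_len = struct.unpack_from("<HH", blob, off)
        off += 4
        if av_id == MSV_AV_EOL or off + av_len > len(blob):
            break
        pairs[av_id] = blob[off:off + av_len].decode("utf-16-le")
        off += av_len
    return pairs

def domain_that_verifies(nt_hash, user, server_challenge, response, candidates):
    # Server side: return the first candidate domain whose NTProofStr matches.
    proof, blob = response[:16], response[16:]
    for dom in candidates:
        expected = nt_proof(nt_hash, user, dom, server_challenge, blob)
        if hmac.compare_digest(proof, expected):
            return dom
    return None

# Constructed sample: client sends an empty domain; the blob names the server.
NT_HASH = bytes(range(16))                 # placeholder key, not a real NT hash
CHALLENGE = bytes.fromhex("0123456789abcdef")
BLOB = build_blob([(MSV_AV_NB_COMPUTER_NAME, "FILESRV")])
RESPONSE = nt_proof(NT_HASH, "alice", "", CHALLENGE, BLOB) + BLOB
```

With this sample the blob parses to the server name, yet verification succeeds only when the empty domain is among the candidates the verifier tries.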

