Win95 authenticated login

Cliff Green green at UMDNJ.EDU
Thu Aug 6 22:14:46 GMT 1998


<disclaimer>
This is really not the forum for this, but it's come up before, and 
I don't have an answer for it.  On the other hand, this is the most
astute list or newsgroup I've read pertaining to Windows networking,
so here goes...
</disclaimer>

Using Samba 1.9.18p8, HPUX 10.20 and Win95 clients, we have W95 
configured to require a domain logon, and as far as that goes it's
working.
We're set up on four servers, on four different campuses, each defined
as a PDC and it's own "domain".  We use /etc/passwd for authentication.

At login, if a valid accountname, password, and domain are entered, 
everything's just peachy.  And yes, we've used poledit to require
validation
by network for windows access.

However.

We've been using Tweakui to clear the last user's login name, to 
minimize user confusion in our public labs.  The unfortunate side 
effect of this is that now it is possible to enter any accountname/
password pair *and a bogus domain name*, and get access to the
computer and the network.  This is exactly the opposite behavior to
what one would expect, and seems to us to be a gaping security hole.

Note, however, if the accountname is *not* stripped before the next
user logs on, then a bogus domain *fails* login, an error message is
displayed, and everything works fine.   Weird.

Adding a %windir%\system\wrkgrp.ini file doesn't do what we want, 
as we need to allow roaming users to logon to their home domains.

A drop-down box for the domain field in the logon box would be 
perfect, especially if it could be controlled the way wkrgrp.ini
controls 
the network control panel applet.

Is there an API or some other hook (.ini file, registry key, magic
incantation) that would help?  I've searched the Technet CD and 
MS' support site to no avail.

c
--
Clifford Green               Internet -  green at umdnj.edu
Academic Computing Services     voice -     732-235-5250
UMDNJ-IST                         fax -     732-235-5252


c
--
Cliff Green
green at umdnj.edu
Academic Computing Services
University of Medicine and Dentistry of New Jersey



More information about the samba mailing list