Authen::Smb against another domain?

Carrie Coy carriec at doc.state.vt.us
Tue Nov 28 20:10:04 GMT 2000


We're a state agency that would like to give authenticated web access to
employees of another department (different domain).

We currently happily use Apache::AuthenSmb (based on the smbval library) for
our own users.  I'd like to simply point Authen::Smb at the other
department's PDC to authenticate their users.  Could it be this simple?

When I tried this, I got an NTV_PROTOCOL_ERROR.  I confirmed that it's
failing on the line in valid.c below:

/* Test for a server in share level mode do not authenticate against it */
if (con->Security == 0)
{
    SMB_Discon(con, 0);
    return (NTV_PROTOCOL_ERROR);
}

If I comment out these lines, Authen::Smb always returns "NTV_NO_ERROR" even
if I intentionally provide a bogus login/password.

Any advice on what needs to be done differently to make this work?  In
case it's helpful, I've attached tcpdump information from the failed
session.
--
Carrie Coy

Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on all devices
15:04:31.911907 eth0 > mail1.doc.state.vt.us.3559 >
wtrbry.srs.state.vt.us.netbios-ssn: S 3530914758:3530914758(0) win 32120
<mss 1460,sackOK,timestamp 10612962 5 0,nop,wscale 0> (DF)
15:04:31.914399 eth0 < wtrbry.srs.state.vt.us.netbios-ssn >
mail1.doc.state.vt.us.3559: S 3453999617:3453999617(0) ack 3530914759 win
12288 <mss 1460>
15:04:31.914449 eth0 > mail1.doc.state.vt.us.3559 >
wtrbry.srs.state.vt.us.netbios-ssn: . 1:1(0) ack 1 win 32120 (DF)
15:04:31.914522 eth0 > mail1.doc.state.vt.us.3559 >
wtrbry.srs.state.vt.us.netbios-ssn: P 1:73(72) ack 1 win 32120>>> NBT (DF)
15:04:31.994652 eth0 < wtrbry.srs.state.vt.us.netbios-ssn >
mail1.doc.state.vt.us.3559: . 1:1(0) ack 73 win 12288
15:04:32.098195 eth0 < wtrbry.srs.state.vt.us.netbios-ssn >
mail1.doc.state.vt.us.3559: P 1:5(4) ack 73 win 12288>>> NBT
15:04:32.098226 eth0 > mail1.doc.state.vt.us.3559 >
wtrbry.srs.state.vt.us.netbios-ssn: . 73:73(0) ack 5 win 32120 (DF)
15:04:32.098280 eth0 > mail1.doc.state.vt.us.3559 >
wtrbry.srs.state.vt.us.netbios-ssn: P 73:241(168) ack 5 win 32120>>> NBT
(DF)
15:04:32.107308 eth0 < wtrbry.srs.state.vt.us.netbios-ssn >
mail1.doc.state.vt.us.3559: P 5:78(73) ack 241 win 12288>>> NBT
15:04:32.107410 eth0 > mail1.doc.state.vt.us.3559 >
wtrbry.srs.state.vt.us.netbios-ssn: F 241:241(0) ack 78 win 32120 (DF)
15:04:32.109422 eth0 < wtrbry.srs.state.vt.us.netbios-ssn >
mail1.doc.state.vt.us.3559: . 78:78(0) ack 242 win 12288
15:04:32.111667 eth0 < wtrbry.srs.state.vt.us.netbios-ssn >
mail1.doc.state.vt.us.3559: F 78:78(0) ack 242 win 12288
15:04:32.111714 eth0 > mail1.doc.state.vt.us.3559 >
wtrbry.srs.state.vt.us.netbios-ssn: . 242:242(0) ack 79 win 32120 (DF)

13 packets received by filter
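
The check quoted from valid.c rejects servers that report share-level security in their negotiate response; such a server validates passwords when a share is connected rather than at session setup, which is consistent with every login appearing to succeed once the check is removed. The following is an added example, not code from smbval or from the original post, applying the same fail-closed test to a raw SMB1 negotiate response. The function and verdict names are hypothetical, the sample packets are constructed, and it assumes con->Security mirrors bit 0 of the SecurityMode field.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SMB1 negotiate response offsets, counted from the 0xFF 'S' 'M' 'B' magic. */
#define SMB_HDR_LEN        32
#define SMB_COM_NEGOTIATE  0x72
#define SECMODE_OFFSET     (SMB_HDR_LEN + 3)  /* after WordCount and DialectIndex */
#define SECMODE_USER_LEVEL 0x01               /* bit clear = share-level server */

enum verdict { NEG_USER_LEVEL, NEG_SHARE_LEVEL, NEG_MALFORMED }; /* hypothetical names */

/* Decide whether a server's negotiate response permits password validation. */
enum verdict check_negprot(const uint8_t *smb, size_t len)
{
    uint8_t wct;
    if (len < SMB_HDR_LEN + 1 || memcmp(smb, "\xffSMB", 4) != 0 ||
        smb[4] != SMB_COM_NEGOTIATE)
        return NEG_MALFORMED;
    wct = smb[SMB_HDR_LEN];
    /* LANMAN replies carry 13 parameter words, NT LM 0.12 carries 17;
       a core-dialect reply (1 word) has no SecurityMode field at all. */
    if ((wct != 13 && wct != 17) || len < SMB_HDR_LEN + 1 + 2u * wct + 2u)
        return NEG_MALFORMED;
    /* Fail closed: anything other than user-level is not an authenticator. */
    return (smb[SECMODE_OFFSET] & SECMODE_USER_LEVEL) ? NEG_USER_LEVEL
                                                      : NEG_SHARE_LEVEL;
}

/* Build a constructed (not captured) response for the demo; returns its length. */
size_t make_negprot(uint8_t *buf, uint8_t wct, uint8_t secmode)
{
    size_t len = SMB_HDR_LEN + 1 + 2u * wct + 2u;  /* header, wct, words, bcc */
    memset(buf, 0, len);
    memcpy(buf, "\xffSMB", 4);
    buf[4] = SMB_COM_NEGOTIATE;
    buf[SMB_HDR_LEN] = wct;
    if (wct >= 2) buf[SECMODE_OFFSET] = secmode;
    return len;
}

int main(void)
{
    uint8_t pkt[128];
    size_t n = make_negprot(pkt, 17, 0x02);   /* encrypts, but share-level */
    printf("share-level reply -> %d\n", check_negprot(pkt, n));
    n = make_negprot(pkt, 17, 0x03);          /* user-level + encryption */
    printf("user-level reply  -> %d\n", check_negprot(pkt, n));
    return 0;
}
```

A caller would treat both NEG_SHARE_LEVEL and NEG_MALFORMED as an authentication failure and never proceed to the logon step.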






