Authen::Smb against another domain?
Gerald Carter
gcarter at valinux.com
Thu Nov 30 15:15:21 GMT 2000
Carrie Coy wrote:
>
> We currently happily use Apache::AuthenSmb (based on
> the smbval library) for our own users. I'd like to
> simply point Authen::Smb at the other department's PDC
> to authenticate their users. Could it be this simple?
>
> When I tried this, I got an NTV_PROTOCOL_ERROR. I confirmed
> that it's failing on the line in valid.c below:
>
> /* Test for a server in share level mode do not
> authenticate against it */
> if (con -> Security == 0)
> {
> SMB_Discon (con,0);
> return (NTV_PROTOCOL_ERROR);
> }
>
> If I comment out these lines, Authen::Smb always
> returns "NTV_NO_ERROR" even if I intentionally provide
> a bogus login/password.
Carrie,
I have never used this module so I can't give specifics. However,
I can offer some general advice.
The security level of the server is return in the negotiate
protocol response packet. While an NT server can operate in
share level security, this is a very rare case and certainly
not the default (and definitely not for a PDC).
It sounds like the negprot request is failing. I would
suggest grabbing a copy of Ethereal (http://www.ethereal.com)
and looking at the traffic that way. Will provide a better
view of what is going on.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba
mailing list