[Samba] annoying authentication failure problem: sambatest[hostname]
Andrew Bartlett
abartlet at pcug.org.au
Wed May 29 07:11:02 GMT 2002
"MCCALL,DON (HP-USA,ex1)" wrote:
>
> Hi Toni,
> This error is the result of a test that samba does in the module
> "server_validate", (in password.c) to check the password server for a bug
> where NT 4 (some versions) would not correctly set the guest bit.
> There is currently no smb.conf parameter to allow you to control this
> behavior, so to change it , you would need to actually hack the password.c
> module to disable it.
> Not difficult, but you would leave yourself open to a security hole, if the
> password server you are using (esp. if you have password server=* set in
> smb.conf) gets one of the versions of NT that has the bug after you have
> removed this protection.
> Most of us don't have control over our NT domains, so we can't guarantee
> this won't happen - thus our 'paranoia' in the code we CAN control ;->.
> Hope this helps,
> Don
The only other thing to remember is that if you are running NT domains,
you really should use 'security=domain'.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list