[Samba] annoying authentication failure problem: sambatest[hostname]

Andrew Bartlett abartlet at pcug.org.au
Wed May 29 07:11:02 GMT 2002

"MCCALL,DON (HP-USA,ex1)" wrote:
> Hi Toni,
> This error is the result of a test that samba does in the module
> "server_validate", (in password.c) to check the password server for a bug
> where NT 4 (some versions) would not correctly set the guest bit.
> There is currently no smb.conf parameter to allow you to control this
> behavior, so to change it , you would need to actually hack the password.c
> module to disable it.
> Not difficult, but you would leave yourself open to a security hole, if the
> password server you are using (esp. if you have password server=* set in
> smb.conf) gets one of the versions of NT that has the bug after you have
> removed this protection.
> Most of us don't have control over our NT domains, so we can't guarantee
> this won't happen - thus our 'paranoia' in the code we CAN control ;->.
> Hope this helps,
> Don

The only other thing to remember is that if you are running NT domains,
you really should use 'security=domain'. 

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list