[Samba] Re: ADS valid users can't map share

Gerald (Jerry) Carter jerry at samba.org
Wed Oct 20 16:56:18 GMT 2004


Igor Belyi wrote:

| No, wait! Samba checks only the first OID! And this is the
| reason for NTLM! Here's the comment from source/smbd/sesssetup.c:
|
|        /* only look at the first OID for determining the mechToken --
|           according to RFC2478, we should choose the one we want
|           and renegotiate, but i smell a client bug here..
|
|           Problem observed when connecting to a member (samba box)
|           of an AD domain as a user in a Samba domain.  Samba member
|           server sent back krb5/mskrb5/ntlmssp as mechtypes, but the
|           client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an
|           NTLMSSP mechtoken.                 --jerry              */
|
| Jerry, that's your comment, right? :)

Yup.  That's my change.  But since the NTLM authentication
is succeeding, then I'll assume that the token sent back
was an NTLMSSP token as well.  So for some reason the client
either can't or won't obtain a ticket for the Samba server.

DNS reverse mapping glitch perhaps?

cheers, jerry
---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
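The mechType ordering discussed in this message, as an added example that is not part of the original post or of Samba's code: a small Python decoder for a SPNEGO NegTokenInit that lists the mechTypes in wire order and checks whether the mechToken is an NTLMSSP token exactly when the first OID is NTLMSSP. The function names and the constructed SAMPLE token (an NTLMSSP mechToken reduced to its signature bytes) are assumptions of this example.

```python
# Added example, not Samba code; names are this example's own. Definite-length DER only.
MECHS = {  # DER OID contents -> name used in the thread
    bytes.fromhex("2a864886f712010202"): "krb5",       # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"): "mskrb5",     # 1.2.840.48018.1.2.2
    bytes.fromhex("2b06010401823702020a"): "ntlmssp",  # 1.3.6.1.4.1.311.2.2.10
}
SPNEGO_OID = bytes.fromhex("2b0601050502")             # 1.3.6.1.5.5.2

def tlv(buf, pos, want=None):  # read one DER TLV -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf) or (want is not None and tag != want):
        raise ValueError("truncated or unexpected TLV (tag 0x%02x)" % tag)
    return tag, buf[pos:pos + length], pos + length

def parse_neg_token_init(blob):
    """Return (mechanism names in wire order, mechToken bytes or None)."""
    _, body, _ = tlv(blob, 0, 0x60)              # GSS-API InitialContextToken
    _, oid, pos = tlv(body, 0, 0x06)             # thisMech
    if oid != SPNEGO_OID:
        raise ValueError("not a SPNEGO token")
    seq = tlv(tlv(body, pos, 0xA0)[1], 0, 0x30)[1]  # [0] NegTokenInit SEQUENCE
    mechs, token, pos = [], None, 0
    while pos < len(seq):
        tag, field, pos = tlv(seq, pos)
        if tag == 0xA0:                          # [0] mechTypes: SEQUENCE OF OID
            lst, p = tlv(field, 0, 0x30)[1], 0
            while p < len(lst):
                _, o, p = tlv(lst, p, 0x06)
                mechs.append(MECHS.get(o, o.hex()))
        elif tag == 0xA2:                        # [2] mechToken: OCTET STRING
            token = tlv(field, 0, 0x04)[1]
    return mechs, token

def token_matches_first_mech(blob):
    """True when the mechToken is NTLMSSP exactly when the first OID is NTLMSSP."""
    mechs, token = parse_neg_token_init(blob)
    return bool(mechs) and token is not None and (
        token.startswith(b"NTLMSSP\x00") == (mechs[0] == "ntlmssp"))

def der(tag, body):  # short-form encoder, used only to build the sample
    return bytes([tag, len(body)]) + body
# Constructed sample: client reply from the quoted comment; reversed(MECHS) = ntlmssp/mskrb5/krb5.
mech_list = der(0x30, b"".join(der(0x06, o) for o in reversed(MECHS)))
SAMPLE = der(0x60, der(0x06, SPNEGO_OID) + der(0xA0, der(0x30,
    der(0xA0, mech_list) + der(0xA2, der(0x04, b"NTLMSSP\x00")))))
```

On the constructed sample the first OID and the token agree, which is the case where looking only at the first OID picks the right mechanism.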