[Samba] [SOLVED] Howto auth against an NT domain I don't control?
Gordon Lack
gml4410 at gsk.com
Mon Sep 22 14:31:14 GMT 2008
> After many more hours of searching, I found someone else in the exact same
> situation as me.
Not only him. I also had the same problem, but applied a simpler patch.
The client has already sent what it wants you to use, so just use it.
I can't see why you wouldn't want to do so. You have already decided
to trust a Windows authentication server, so why not send it the domain
that the client has asked you to? If the credentials as duff then the
Windows server will say so. To replace the domain name with one which
has absolutely *nothing* to do with the client, and hence makes the
authentication bound to fail, unless it happens to be the default domain
of the DC, seems completely wrong to me.
This was what I used:
===================
--- auth_util.c.orig Wed May 28 13:41:11 2008
+++ auth_util.c Fri Jun 6 10:43:03 2008
@@ -173,7 +173,11 @@
and let the "passdb backend" handle unknown users. */
if ( !is_trusted_domain(domain) && !strequal(domain,
get_global_sam_name()) )
+ {
+/* XXX - Leave alone if SEC_SERVER */
+ if ( lp_security() != SEC_SERVER )
domain = my_sam_name();
+ }
/* we know that it is a trusted domain (and we are allowing
them) or it is our domain */
==================
The original report, and reply, is at:
http://fixunix.com/samba/381697-samba-using-windows-dc-security-server-mode.html
How does one go about getting this fixed in the Samba code base?
More information about the samba
mailing list