winbindd vs. lsarpcd/netlogond
Luke Kenneth Casson Leighton
lkcl at samba.org
Thu Jul 13 13:14:42 GMT 2000
> Okay: I said above, that trust-account-checking is realy
> the job of netlogond/lsarpcd:
>
it's handled in samba by responding to a NETLOGON request with
NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT error message.
this gets passed down from netlogond remotely to domain_client_validate()
which is called from password_ok() which is called from
reply_sesssetup_andx.
in this way, a consistent interface gives the means to validate a trust
account from an SMBsesssetupX.
... which is a security risk that i *think* ms removed in SP6, returning
NT_STATUS_ACCESS_DENIED instead.
More information about the samba-technical
mailing list