2.2.0 pass thru validation
Gerald Carter
gcarter at valinux.com
Wed May 9 16:24:10 GMT 2001
On Wed, 9 May 2001, MCCALL,DON (HP-USA,ex1) wrote:
> Hi Gerald,
>
> I think we're all missing the point a bit here - when samba is in
> security = domain mode, it is emulating a MEMBER server in the NT
> domain, NOT the PDC. So for us to change the code to do what a PDC
> would do seems wrong to me. Indeed, if you login to your NT
> workstation with your workstation name as the domain (or are in
> another domain than the pdc), if you try to connect to the PDC, the
> pdc WILL fallback to seeing if the username is in its OWN domain with
> the correct password. BUT - if you try to attach to a (for instance
> Advanced Server for Unix) MEMBER server in a domain other than your
> own in this fashion, that member server will behave precisely as Samba
> does; it will NOT try it's own domain name after it receives the rpc
> replies etc. from the PDC, but instead will come up and require you to
> enter a domainname\username password pair that is valid. So based on
> this, I would say that Samba in DOMAIN level security is behaving
> appropriately.
ok. That's what I was curious about. This is not how I
remember it though. What I thought I remembered was that NT has
an implied "trust" among usernames with the same password.
I will test this though. Let me get back to you in a little while.
jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-technical
mailing list