[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba-technical
Subject:    Re: domain_client_validate() in smbd/password.c
From:       Luke Kenneth Casson Leighton <lkcl () switchboard ! net>
Date:       1999-02-18 17:20:58
[Download RAW message or body]

On Thu, 18 Feb 1999, Jeremy Allison wrote:

> Ken Weaverling wrote:
> > 
> > 
> > I guess the design goal here is to make Samba as close to an NT server
> > clone as possible, including duplicating its limitations too?!?!?! ;-)
> > 
> 
> Well, not quite :-). All Samba does is forward the domain
> part of the users logon request to the domain controller
> in question in this case.
> 
> This allows people with a domain infrastructure set up
> to have a Samba server allow user "DOM1\fred" access,
> but have "DOM2\fred" denied.
> 
> By causing Samba to drop the "DOM" part of the user
> name the PDC will automatically assume it's own domain
> - which may not be what you want. For instance, "DOM1\fred"
> probably has a differnt password to "DOM2\fred", and
> if you just send the authentication request as "fred"
> to the PDC for DOM1, then a (potentially valid) DOM2\fred
> login would be denied.
> 
> Maybe we could make it a parameter "force domain" or
> something to allow the Samba admin to force all domain
> logins to appear to be from a certain domain ?

jeremy,

the intention was to use "domain name map" to put entries line
DOM2\fred=fredd2

[prev in list] [next in list] [prev in thread] [next in thread]