[prev in list] [next in list] [prev in thread] [next in thread]
List: samba-technical
Subject: Re: domain_client_validate() in smbd/password.c
From: Luke Kenneth Casson Leighton <lkcl () switchboard ! net>
Date: 1999-02-18 17:20:58
[Download RAW message or body]
On Thu, 18 Feb 1999, Jeremy Allison wrote:
> Ken Weaverling wrote:
> >
> >
> > I guess the design goal here is to make Samba as close to an NT server
> > clone as possible, including duplicating its limitations too?!?!?! ;-)
> >
>
> Well, not quite :-). All Samba does is forward the domain
> part of the users logon request to the domain controller
> in question in this case.
>
> This allows people with a domain infrastructure set up
> to have a Samba server allow user "DOM1\fred" access,
> but have "DOM2\fred" denied.
>
> By causing Samba to drop the "DOM" part of the user
> name the PDC will automatically assume it's own domain
> - which may not be what you want. For instance, "DOM1\fred"
> probably has a differnt password to "DOM2\fred", and
> if you just send the authentication request as "fred"
> to the PDC for DOM1, then a (potentially valid) DOM2\fred
> login would be denied.
>
> Maybe we could make it a parameter "force domain" or
> something to allow the Samba admin to force all domain
> logins to appear to be from a certain domain ?
jeremy,
the intention was to use "domain name map" to put entries line
DOM2\fred=fredd2
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic