<disclaimer>
This is really not the forum for this, but it's come up before, and
I don't have an answer for it. On the other hand, this is the most
astute list or newsgroup I've read pertaining to Windows networking,
so here goes...
</disclaimer>
Using Samba 1.9.18p8, HPUX 10.20 and Win95 clients, we have W95
configured to require a domain logon, and as far as that goes it's
working.
We're set up on four servers, on four different campuses, each defined
as a PDC and it's own "domain". We use /etc/passwd for
authentication.
At login, if a valid accountname, password, and domain are entered,
everything's just peachy. And yes, we've used poledit to require
validation
by network for windows access.
However.
We've been using Tweakui to clear the last user's login name, to
minimize user confusion in our public labs. The unfortunate side
effect of this is that now it is possible to enter any accountname/
password pair *and a bogus domain name*, and get access to the
computer and the network. This is exactly the opposite behavior to
what one would expect, and seems to us to be a gaping security hole.
Note, however, if the accountname is *not* stripped before the next
user logs on, then a bogus domain *fails* login, an error message is
displayed, and everything works fine. Weird.
Adding a %windir%\system\wrkgrp.ini file doesn't do what we want,
as we need to allow roaming users to logon to their home domains.
A drop-down box for the domain field in the logon box would be
perfect, especially if it could be controlled the way wkrgrp.ini
controls
the network control panel applet.
Is there an API or some other hook (.ini file, registry key, magic
incantation) that would help? I've searched the Technet CD and
MS' support site to no avail.
c
--
Clifford Green Internet - green@umdnj.edu
Academic Computing Services voice - 732-235-5250
UMDNJ-IST fax - 732-235-5252
c
--
Cliff Green
green@umdnj.edu
Academic Computing Services
University of Medicine and Dentistry of New Jersey
