malcolm melville +44 171 542 8472
1998-Jan-19 15:24 UTC
Problem with 1.9.18p1 and password server
In version 1.9.17.p2, a password server line in smb.conf could contain multiple server entries and if a username/password combination failed to validate on one server it would try against the next one until it got a match. Even if the account existed on the first server that was tried, and the password failed, then the subsequent server would be tried. We liked this feature as we have users on multiple domains with trust relationships across domains and different passwords for those accounts on the different domains. In 1.9.18p1 this no longer works - or maybe I have missed something. If an account is present but fails to authenticate against the first server, then subsequent servers are not used. This means that we have users who can no longer see their files. Is there some way of reinstating the old behaviour (albeit that the security is lower) than the new way? tia malcolm ------------------------------------------------------------------------ Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.
Luke Kenneth Casson Leighton
1998-Jan-19 16:54 UTC
Problem with 1.9.18p1 and password server
malcolm, the problem is that the connection to each of the password servers takes too long to time out: long enough for the client to think that the server is dead. what is needed in clientgen.c is some code that opens a socket on port 139 and then checks that the socket has been connected: at present it goes ahead and attempts to send an smb session request without validating that the socket is really connected. this is probably confused by my understanding of sockets, by the way. luke <a href="mailto:lkcl@switchboard.net" > Luke Kenneth Casson Leighton </a> <a href="http://mailhost.cb1.com/~lkcl"> Samba Consultancy and Support </a> On Tue, 20 Jan 1998, malcolm melville +44 171 542 8472 wrote:> In version 1.9.17.p2, a password server line in smb.conf could contain multiple > server entries and if a username/password combination failed to validate on one > server it would try against the next one until it got a match. Even if the > account existed on the first server that was tried, and the password failed, > then the subsequent server would be tried. > > We liked this feature as we have users on multiple domains with trust > relationships across domains and different passwords for those accounts on the > different domains. > > In 1.9.18p1 this no longer works - or maybe I have missed something. If an > account is present but fails to authenticate against the first server, then > subsequent servers are not used. This means that we have users who can no > longer see their files. > > Is there some way of reinstating the old behaviour (albeit that the security is > lower) than the new way? > > tia > malcolm > > ------------------------------------------------------------------------ > Any views expressed in this message are those of the individual sender, > except where the sender specifically states them to be the views of > Reuters Ltd. >