I posted a message about a week ago concerning my ongoing battles
with NetWkstaUserLogon (aka networkstation user login). I would
be very grateful for answers to ANY of my questions...

We have 1.9.18p4 on Solaris 2.6. We are doing pass-through authentication
(security=server, password server = <NT PDC>).
It will allow administrators to log in, map drives, etc. etc.
However, non administrators are not allowed. The response from
the NetWkstaUserLogon is that non-administrators have been allowed,
but they have been given guest privileges. Since guest access isn't
good enough, access is denied.

Does anyone have 'networkstation user login = yes' (the default for
1.9.18p3 and p4) working with a similar configuration (passing the
authentication through to an NT server)?

Can anyone explain why this could be happening? My guess is that
the NT server is seeing the request coming from the samba server,
not the NT client. Since the samba machine is part of a workgroup
and not the NT domain, the NT server won't give anything more
than guest access except to these special accounts. I'm stabbing
in the dark...

Can anyone explain the security risks involved with turning off this
authentication rule set?

I found a very thorough description of NetWkstaUserLogon, but
unfortunately, the samba debugging information doesn't map directly to
the variables mentioned -- and I'm just not understanding the
samba source code.

I've traced our problem back to 1.9.17p4. Previous versions (17p2)
worked fine. The following is in the 17p4 release notes.

   4). Fix for security = server. Problem with previous workaround
   which caused machine logon restrictions on an NT server to fail.
   This code has been completely re-written.

If anyone can identify these login restrictions, I would be forever
grateful.

Thank you.
---------------------------------------------------------------------------
Tom Lieuallen Phone: 541.737.6784
Oregon State University Fax: 541.737.5545
College of Engineering Email: toml@engr.orst.edu
Network Research Assistant
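
For anyone reviewing a setup like the one described in this post, the following added example (not part of the original message and not Samba code) reads an smb.conf and reports whether the NetWkstaUserLogon check is in effect under security = server. It assumes the default of yes stated in the post; the function names, sample configurations and server name are constructed for illustration.

```python
import re

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

def norm(name):
    """Samba ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return the [global] parameters of an smb.conf as {normalised name: value}."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[norm(name)] = value.strip()
    return params

def check(text):
    """List findings about pass-through authentication in one smb.conf."""
    p = parse_global(text)
    if p.get("security", "").lower() != "server":
        return []                            # only the post's security = server setup is examined
    findings = []
    if not p.get("passwordserver"):
        findings.append("security = server but no password server is set")
    # Assumption: default of "yes" as stated in the post (1.9.18p3 and p4).
    value = p.get("networkstationuserlogin", "yes").lower()
    if value in FALSE:
        findings.append("networkstation user login is disabled: "
                        "the NetWkstaUserLogon check is not performed")
    elif value not in TRUE:
        findings.append("networkstation user login has unrecognised value %r" % value)
    return findings

# Constructed sample configurations; the server name is a placeholder.
AS_POSTED = "[global]\n security = server\n password server = NT-PDC-PLACEHOLDER\n"
CHECK_OFF = AS_POSTED + " Network Station User Login = No\n"
USER_MODE = "[global]\n security = user\n networkstation user login = no\n"

if __name__ == "__main__":
    for name, conf in [("as posted", AS_POSTED), ("check off", CHECK_OFF),
                       ("user mode", USER_MODE)]:
        print(name, "->", check(conf) or "no findings")
```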