Hi; There is likely a supported way around this problem, but it wasn't immediately apparent to me. So, I created the enclosed patch to fix my problem. What I would like to do is the following: - run samba in "security = domain" - not use trusted domains, but allow people to connect from other domains - not maintain a local encrypted password file for samba, but instead use our domain server to authenticate all users What the fix does is have samba lie to itself as to what domain the request came from. This may have security implications, which I've ignored. I used the enclosed fix on samba 2.0.7 and that has worked for us for some time. There do not seem to be any problems so far in my tests of 2.2.0. (The enclosed patch is for 2.2.0. Note that I have not done any ifdefs or similar.) Please let me know if I'm missing a method of doing this via the normal configuration file. Thanks for your work on this program. The ACL support in 2.2.x is very handy, and the print driver support (while exceedingly slow in adding new print drivers to the server) will be useful as well. Ian. ---------------------------------------------------------------------------- Ian MacPhedran, Engineering Computer Centre, 2B13 Engineering Building, University of Saskatchewan, 57 Campus Drive, Saskatoon SK S7N 5A9, CANADA Phone: (306)966-4832 Fax: (306)966-5205 Email: Ian_MacPhedran@engr.USask.CA -------------- next part -------------- *** orig/samba-2.2.0/source/smbd/reply.c Thu Apr 12 22:09:39 2001 --- samba-2.2.0/source/smbd/reply.c Wed Apr 18 15:59:55 2001 *************** *** 616,623 **** if(lp_security() != SEC_DOMAIN) return False; ! if (!check_domain_match(orig_user, domain)) ! return False; ret = domain_client_validate(orig_user, domain, smb_apasswd, smb_apasslen, --- 616,625 ---- if(lp_security() != SEC_DOMAIN) return False; ! if (!check_domain_match(orig_user, domain)) { ! DEBUG(0,("Domain %s remapped to %s\n",domain,global_myworkgroup)); ! domain = global_myworkgroup; ! } ret = domain_client_validate(orig_user, domain, smb_apasswd, smb_apasslen, *************** *** 927,932 **** --- 929,938 ---- * security=domain. */ + + DEBUG(0,("Domain %s remapped to %s\n",domain,global_myworkgroup)); + domain=global_myworkgroup; + if (!guest && !check_server_security(orig_user, domain, user, smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) && !check_domain_security(orig_user, domain, user, smb_apasswd,