thr3ads.net - samba - Fudging domain support

If this information is useful, please help other people find it:
Share via:

Ian MacPhedran

2001-Apr-20 19:47 UTC

Fudging domain support - samba 2.2.0

Hi;
There is likely a supported way around this problem, but it wasn't
immediately apparent to me. So, I created the enclosed patch to fix my
problem.

What I would like to do is the following:
 - run samba in "security = domain"
 - not use trusted domains, but allow people to connect from other domains
 - not maintain a local encrypted password file for samba, but instead use
   our domain server to authenticate all users

What the fix does is have samba lie to itself as to what domain the
request came from. This may have security implications, which I've
ignored.

I used the enclosed fix on samba 2.0.7 and that has worked for us for some
time. There do not seem to be any problems so far in my tests of 2.2.0.
(The enclosed patch is for 2.2.0. Note that I have not done any ifdefs or 
similar.)

Please let me know if I'm missing a method of doing this via the normal
configuration file.

Thanks for your work on this program. The ACL support in 2.2.x is very
handy, and the print driver support (while exceedingly slow in adding new 
print drivers to the server) will be useful as well.

Ian.
----------------------------------------------------------------------------
Ian MacPhedran,    Engineering Computer Centre,   2B13 Engineering Building,
University of Saskatchewan,  57 Campus Drive,  Saskatoon SK  S7N 5A9, CANADA
Phone: (306)966-4832 Fax: (306)966-5205  Email: Ian_MacPhedran@engr.USask.CA
-------------- next part --------------
*** orig/samba-2.2.0/source/smbd/reply.c	Thu Apr 12 22:09:39 2001
--- samba-2.2.0/source/smbd/reply.c	Wed Apr 18 15:59:55 2001
***************
*** 616,623 ****
    if(lp_security() != SEC_DOMAIN)
      return False;
  
!   if (!check_domain_match(orig_user, domain))
!      return False;
  
    ret = domain_client_validate(orig_user, domain,
                                  smb_apasswd, smb_apasslen,
--- 616,625 ----
    if(lp_security() != SEC_DOMAIN)
      return False;
  
!   if (!check_domain_match(orig_user, domain)) {
!      DEBUG(0,("Domain %s remapped to
%s\n",domain,global_myworkgroup));
!      domain = global_myworkgroup;
!   }
  
    ret = domain_client_validate(orig_user, domain,
                                  smb_apasswd, smb_apasslen,
***************
*** 927,932 ****
--- 929,938 ----
     * security=domain.
     */
  
+   
+   DEBUG(0,("Domain %s remapped to %s\n",domain,global_myworkgroup));
+   domain=global_myworkgroup;
+  
    if (!guest && !check_server_security(orig_user, domain, user, 
           smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
        !check_domain_security(orig_user, domain, user, smb_apasswd,

Reasonably Related Threads

Search for more seemingly similar threads

samba - Apr 2001 - Fudging domain support - samba 2.2.0

Fudging domain support - samba 2.2.0

Reasonably Related Threads

Wisdom of the Ancients