The Amigo
2008-Sep-21 19:38 UTC
[Samba] [SOLVED] Howto auth against an NT domain I don't control?
After many more hours of searching, I found someone else in the exact same situation as me. But even better, he figured it out and posted a patch! http://lists.samba.org/archive/samba-technical/2008-February/057829.html Thank you Claude! -- http://theamigo.blogspot.com
Gordon Lack
2008-Sep-22 15:02 UTC
[Samba] [SOLVED] Howto auth against an NT domain I don't control?
> After many more hours of searching, I found someone else in the exact same > situation as me.Not only him. I also had the same problem, but applied a simpler patch. The client has already sent what it wants you to use, so just use it. I can't see why you wouldn't want to do so. You have already decided to trust a Windows authentication server, so why not send it the domain that the client has asked you to? If the credentials as duff then the Windows server will say so. To replace the domain name with one which has absolutely *nothing* to do with the client, and hence makes the authentication bound to fail, unless it happens to be the default domain of the DC, seems completely wrong to me. This was what I used: ==================--- auth_util.c.orig Wed May 28 13:41:11 2008 +++ auth_util.c Fri Jun 6 10:43:03 2008 @@ -173,7 +173,11 @@ and let the "passdb backend" handle unknown users. */ if ( !is_trusted_domain(domain) && !strequal(domain, get_global_sam_name()) ) + { +/* XXX - Leave alone if SEC_SERVER */ + if ( lp_security() != SEC_SERVER ) domain = my_sam_name(); + } /* we know that it is a trusted domain (and we are allowing them) or it is our domain */ ================= The original report, and reply, is at: http://fixunix.com/samba/381697-samba-using-windows-dc-security-server-mode.html How does one go about getting this fixed in the Samba code base?