Ok, that was clear, what I want to ask, is: why should we try to logon a user that provides bad information? Shouldn't we simply deny it with an error? How do NT behaves in such situations?
Simo. On Sat, 2002-09-07 at 00:42, Andrew Bartlett wrote: > Rafal Szczesniak wrote: > > > > On Fri, Sep 06, 2002 at 05:01:25PM +0200, Simo Sorce wrote: > > > On Fri, 2002-09-06 at 16:37, Rafal Szczesniak wrote: > > > > On Fri, Sep 06, 2002 at 04:42:53PM +0200, Simo Sorce wrote: > > > > > > > > > > What are you trying to do there? > > > > > Why should we replace a domain name with another??? > > > > > > > > For instance, when lp_allow_trusted_domains() is set to false, > > > > then user's domain name should is replaced with our domain name. > > > > Authentication modules will then look for username in our domain's > > > > SAM instead querying trusted domains. > > > > > > Can you explain me why we should not simply fail? > > > > In case of ? > > OK, time for an explaination: > > We can receive all sorts of things in the 'domain' feild from a client. > Mostly it's their current domain. If we are a standalone server, or > don't trust the domain they supplied, then we replace it with our own > for authenticaion. > > Similarly if we are not using truste domains at all - then every login > gets changed to our local domain. > > However, some parts of the code (NTLMv2 in particular) need the original > domain, so we keep that around. > > Does that make a bit more sense? > > Andrew Bartlett > > -- > Andrew Bartlett [EMAIL PROTECTED] > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > Student Network Administrator, Hawker College [EMAIL PROTECTED] > http://samba.org http://build.samba.org http://hawkerc.net -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399
signature.asc
Description: This is a digitally signed message part