summaryrefslogtreecommitdiff
path: root/source3/include/MacExtensions.h
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-03-03 03:56:53 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-03-03 03:56:53 +0000
commit4941e64fe043d755ec0068b540a9ed7264a9a38d (patch)
treee8952461d455841de3780d818bed10c092784834 /source3/include/MacExtensions.h
parent81f66464b062df5fcfed41dbace8d37836b16e34 (diff)
downloadsamba-4941e64fe043d755ec0068b540a9ed7264a9a38d.tar.gz
samba-4941e64fe043d755ec0068b540a9ed7264a9a38d.tar.bz2
samba-4941e64fe043d755ec0068b540a9ed7264a9a38d.zip
This patch allows NT4 domains to trust Samba.
Simply add an account (smbpasswd -a -i REMOTEDOM) and join with 'user manager' on the remote domain. The only issue (at the auth level at least) that prevented NT4 domains from trusting Samba was that our netlogon code was based on what appear to be invalid assumptions. The netlogon code appears to assume that the 'client name' specified corrosponds to an account of the same form. This doesn't apply in trusted domains, becouse the account is in the form domain$ Now that we use the supplied account name, and no longer make our access control checks at the challange stage (where this info is unavailable) we match the Win2k behaviour for invalid machine logins, and don't need to know the names of PDCs/BDCs in trusting domains. We also kill off the 'you logged on with a machine account, use your user account' error message, becouse the previous NT_STATUS return was compleatly bogus. (The ACCESS_DENIED we now return matches Win2k, and gives snane error messages on the client). TNG doesn't use this and has to do magic password syncs between the various accounts for domain/pdc/bdc. This patch feels like the much more natural way of doing things, and has been mildly tested. Andrew Bartlett (This used to be commit 542673fcd6654a1d0966dddadde177a4c4ce135d)
Diffstat (limited to 'source3/include/MacExtensions.h')
0 files changed, 0 insertions, 0 deletions