summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1997-12-03 03:43:05 +0000
committerAndrew Tridgell <tridge@samba.org>1997-12-03 03:43:05 +0000
commit69460b470f44c82b677a41d65ab4e172fc7b284b (patch)
treea6c333146ab485986db8982976843b5de418cee5 /source3
parent11d7f4a2aa01d5bd010fd18934c2516f39a41e3c (diff)
downloadsamba-69460b470f44c82b677a41d65ab4e172fc7b284b.tar.gz
samba-69460b470f44c82b677a41d65ab4e172fc7b284b.tar.bz2
samba-69460b470f44c82b677a41d65ab4e172fc7b284b.zip
allow users to disable the NetWkstaUserLogon call in server level
security by changing a setting in local.h or adding it to their Makefile. See comment in local.h (This used to be commit cc10fdf7583ec644850445ad96afd8b22b71e86f)
Diffstat (limited to 'source3')
-rw-r--r--source3/include/local.h10
-rw-r--r--source3/smbd/password.c2
2 files changed, 12 insertions, 0 deletions
diff --git a/source3/include/local.h b/source3/include/local.h
index 9a31032ee6..ca8d231dcd 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -25,6 +25,16 @@
*/
#define PRINTCAP_NAME "/etc/printcap"
+/* this affects server level security. With this set (recommended)
+ samba will do a full NetWkstaUserLogon to confirm that the client
+ really should have login rights. This can cause problems with
+ machines in trust relationships in which case you can disable it
+ here, but be warned, we have heard that some NT machines will then
+ allow anyone in with any password! Make sure you test it. */
+#ifndef USE_NETWKSTAUSERLOGON
+#define USE_NETWKSTAUSERLOGON 1
+#endif
+
/* define what facility to use for syslog */
#ifndef SYSLOG_FACILITY
#define SYSLOG_FACILITY LOG_DAEMON
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 2176d5dafa..1c72f0cfa6 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -1589,6 +1589,7 @@ BOOL server_validate(char *user, char *domain,
}
+#if USE_NETWKSTAUSERLOGON
if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
cli_tdis(&cli);
@@ -1608,6 +1609,7 @@ BOOL server_validate(char *user, char *domain,
cli_tdis(&cli);
return False;
}
+#endif
DEBUG(3,("password server %s accepted the password\n", cli.desthost));