diff options
author | Andrew Tridgell <tridge@samba.org> | 1997-12-03 03:43:05 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1997-12-03 03:43:05 +0000 |
commit | 69460b470f44c82b677a41d65ab4e172fc7b284b (patch) | |
tree | a6c333146ab485986db8982976843b5de418cee5 /source3 | |
parent | 11d7f4a2aa01d5bd010fd18934c2516f39a41e3c (diff) | |
download | samba-69460b470f44c82b677a41d65ab4e172fc7b284b.tar.gz samba-69460b470f44c82b677a41d65ab4e172fc7b284b.tar.bz2 samba-69460b470f44c82b677a41d65ab4e172fc7b284b.zip |
allow users to disable the NetWkstaUserLogon call in server level
security by changing a setting in local.h or adding it to their
Makefile. See comment in local.h
(This used to be commit cc10fdf7583ec644850445ad96afd8b22b71e86f)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/local.h | 10 | ||||
-rw-r--r-- | source3/smbd/password.c | 2 |
2 files changed, 12 insertions, 0 deletions
diff --git a/source3/include/local.h b/source3/include/local.h index 9a31032ee6..ca8d231dcd 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -25,6 +25,16 @@ */ #define PRINTCAP_NAME "/etc/printcap" +/* this affects server level security. With this set (recommended) + samba will do a full NetWkstaUserLogon to confirm that the client + really should have login rights. This can cause problems with + machines in trust relationships in which case you can disable it + here, but be warned, we have heard that some NT machines will then + allow anyone in with any password! Make sure you test it. */ +#ifndef USE_NETWKSTAUSERLOGON +#define USE_NETWKSTAUSERLOGON 1 +#endif + /* define what facility to use for syslog */ #ifndef SYSLOG_FACILITY #define SYSLOG_FACILITY LOG_DAEMON diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 2176d5dafa..1c72f0cfa6 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -1589,6 +1589,7 @@ BOOL server_validate(char *user, char *domain, } +#if USE_NETWKSTAUSERLOGON if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); cli_tdis(&cli); @@ -1608,6 +1609,7 @@ BOOL server_validate(char *user, char *domain, cli_tdis(&cli); return False; } +#endif DEBUG(3,("password server %s accepted the password\n", cli.desthost)); |