3 files changed, 6 insertions, 2 deletions

diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 1960fc1cfb..0711b056bd 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -158,7 +158,7 @@ static uint32 server_validate(const auth_usersupplied_info *user_info, auth_serv
 	 *  - abartlet@samba.org
 	 */
 
-	if(!tested_password_server) {
+	if ((!tested_password_server) && (lp_paranoid_server_security())) {
 		if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), 
 					(char *)badpass, sizeof(badpass), user_info->domain.str)) {
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 992083df72..543e9bab9f 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -175,6 +175,7 @@ typedef struct
 	int maxprotocol;
 	int minprotocol;
 	int security;
+	BOOL paranoid_server_security;
 	int maxdisksize;
 	int lpqcachetime;
 	int iMaxSmbdProcesses;
@@ -800,6 +801,7 @@ static struct parm_struct parm_table[] = {
 	{"lpq cache time", P_INTEGER, P_GLOBAL, &Globals.lpqcachetime, NULL, NULL, 0},
 	{"max smbd processes", P_INTEGER, P_GLOBAL, &Globals.iMaxSmbdProcesses, NULL, NULL, 0},
 	{"max connections", P_INTEGER, P_LOCAL, &sDefault.iMaxConnections, NULL, NULL, FLAG_SHARE},
+	{"paranoid server security", P_BOOL, P_GLOBAL, &Globals.paranoid_server_security, NULL, NULL, 0},
 	{"max disk size", P_INTEGER, P_GLOBAL, &Globals.maxdisksize, NULL, NULL, 0},
 	{"max open files", P_INTEGER, P_GLOBAL, &Globals.max_open_files, NULL, NULL, 0},
 	{"min print space", P_INTEGER, P_LOCAL, &sDefault.iMinPrintSpace, NULL, NULL, FLAG_PRINT},
@@ -1230,6 +1232,7 @@ static void init_globals(void)
 	Globals.maxprotocol = PROTOCOL_NT1;
 	Globals.minprotocol = PROTOCOL_CORE;
 	Globals.security = SEC_USER;
+	Globals.paranoid_server_security = True;
 	Globals.bEncryptPasswords = False;
 	Globals.bUpdateEncrypt = False;
 	Globals.bReadRaw = True;
@@ -1573,6 +1576,7 @@ FN_GLOBAL_INTEGER(lp_deadtime, &Globals.deadtime)
 FN_GLOBAL_INTEGER(lp_maxprotocol, &Globals.maxprotocol)
 FN_GLOBAL_INTEGER(lp_minprotocol, &Globals.minprotocol)
 FN_GLOBAL_INTEGER(lp_security, &Globals.security)
+FN_GLOBAL_BOOL(lp_paranoid_server_security, &Globals.paranoid_server_security)
 FN_GLOBAL_INTEGER(lp_maxdisksize, &Globals.maxdisksize)
 FN_GLOBAL_INTEGER(lp_lpqcachetime, &Globals.lpqcachetime)
 FN_GLOBAL_INTEGER(lp_max_smbd_processes, &Globals.iMaxSmbdProcesses)
diff --git a/source3/smbd/auth_server.c b/source3/smbd/auth_server.c
index 1960fc1cfb..0711b056bd 100644
--- a/source3/smbd/auth_server.c
+++ b/source3/smbd/auth_server.c
@@ -158,7 +158,7 @@ static uint32 server_validate(const auth_usersupplied_info *user_info, auth_serv
 	 *  - abartlet@samba.org
 	 */
 
-	if(!tested_password_server) {
+	if ((!tested_password_server) && (lp_paranoid_server_security())) {
 		if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), 
 					(char *)badpass, sizeof(badpass), user_info->domain.str)) {