From 69460b470f44c82b677a41d65ab4e172fc7b284b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 3 Dec 1997 03:43:05 +0000 Subject: allow users to disable the NetWkstaUserLogon call in server level security by changing a setting in local.h or adding it to their Makefile. See comment in local.h (This used to be commit cc10fdf7583ec644850445ad96afd8b22b71e86f) --- source3/include/local.h | 10 ++++++++++ source3/smbd/password.c | 2 ++ 2 files changed, 12 insertions(+) (limited to 'source3') diff --git a/source3/include/local.h b/source3/include/local.h index 9a31032ee6..ca8d231dcd 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -25,6 +25,16 @@ */ #define PRINTCAP_NAME "/etc/printcap" +/* this affects server level security. With this set (recommended) + samba will do a full NetWkstaUserLogon to confirm that the client + really should have login rights. This can cause problems with + machines in trust relationships in which case you can disable it + here, but be warned, we have heard that some NT machines will then + allow anyone in with any password! Make sure you test it. */ +#ifndef USE_NETWKSTAUSERLOGON +#define USE_NETWKSTAUSERLOGON 1 +#endif + /* define what facility to use for syslog */ #ifndef SYSLOG_FACILITY #define SYSLOG_FACILITY LOG_DAEMON diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 2176d5dafa..1c72f0cfa6 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -1589,6 +1589,7 @@ BOOL server_validate(char *user, char *domain, } +#if USE_NETWKSTAUSERLOGON if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); cli_tdis(&cli); @@ -1608,6 +1609,7 @@ BOOL server_validate(char *user, char *domain, cli_tdis(&cli); return False; } +#endif DEBUG(3,("password server %s accepted the password\n", cli.desthost)); -- cgit