Bug 2976 - Win2k member workstation authentication order different when in Samba domain
Win2k member workstation authentication order different when in Samba domain
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
3.0.14a
All Linux
: P3 normal
: none
Assigned To: Jim McDonough
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-10 12:54 UTC by John Janosik
Modified: 2005-08-24 10:25 UTC (History)
0 users

See Also:


Attachments
sets authoritative field to 0 when domain name doesn't match (632 bytes, patch)
2005-08-10 13:27 UTC, Jim McDonough
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description John Janosik 2005-08-10 12:54:51 UTC
We have the following:

A:  Standalone Windows workstation with userid X and password Y.
B:  Win2k workstation member of domain but with local userid X and password Y.

User X logs into workstation A and runs an app that maps a drive to workstation
B.  The application does not specify a userid or password in the mapping.  We
have no control over the application to change this.

When workstation B is a member of an NT domain this works OK.  When workstation
B is a member of a Samba domain the mapping fails.
Comment 1 Jim McDonough 2005-08-10 13:27:51 UTC
Created attachment 1365 [details]
sets authoritative field to 0 when domain name doesn't match

From John:

It turns out that NT sets the authoritative field in the NetrLogonSamLogon
reponse to 0 when the domain name does not match.  Here is the patch that is
working for me.

Question:

If the domain is a trusted domain instead of an unknown domain would the NT
server set authoritative to 1.
Comment 2 John Janosik 2005-08-11 07:56:28 UTC
I tested and NT does set authoritative to 1 when the domain is a trusted domain.
 Jim also brought up that we might need to do a case-insensitive match.  I'll
get a new patch tested and attached.
Comment 3 Jim McDonough 2005-08-12 08:28:59 UTC
Fix from John checked in, r9261.  Thanks!

The fix is not the above patch.  It also checks if it's not a domain we know and
if the user doesn't exist.
Comment 4 Gerald (Jerry) Carter 2005-08-24 10:25:26 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.