diff options
author | Andrew Tridgell <tridge@samba.org> | 1997-12-03 03:43:05 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1997-12-03 03:43:05 +0000 |
commit | cc10fdf7583ec644850445ad96afd8b22b71e86f (patch) | |
tree | 2de28ac76c29cc3a15aa2818b86bbdc9bfdb427b | |
parent | 7a88bed4a5ca8afe1f2836f7f9a019db01bf998e (diff) | |
download | samba-cc10fdf7583ec644850445ad96afd8b22b71e86f.tar.gz samba-cc10fdf7583ec644850445ad96afd8b22b71e86f.tar.xz samba-cc10fdf7583ec644850445ad96afd8b22b71e86f.zip |
allow users to disable the NetWkstaUserLogon call in server level
security by changing a setting in local.h or adding it to their
Makefile. See comment in local.h
-rw-r--r-- | source/include/local.h | 10 | ||||
-rw-r--r-- | source/smbd/password.c | 2 |
2 files changed, 12 insertions, 0 deletions
diff --git a/source/include/local.h b/source/include/local.h index 9a31032ee68..ca8d231dcd9 100644 --- a/source/include/local.h +++ b/source/include/local.h @@ -25,6 +25,16 @@ */ #define PRINTCAP_NAME "/etc/printcap" +/* this affects server level security. With this set (recommended) + samba will do a full NetWkstaUserLogon to confirm that the client + really should have login rights. This can cause problems with + machines in trust relationships in which case you can disable it + here, but be warned, we have heard that some NT machines will then + allow anyone in with any password! Make sure you test it. */ +#ifndef USE_NETWKSTAUSERLOGON +#define USE_NETWKSTAUSERLOGON 1 +#endif + /* define what facility to use for syslog */ #ifndef SYSLOG_FACILITY #define SYSLOG_FACILITY LOG_DAEMON diff --git a/source/smbd/password.c b/source/smbd/password.c index 2176d5dafaa..1c72f0cfa6e 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -1589,6 +1589,7 @@ BOOL server_validate(char *user, char *domain, } +#if USE_NETWKSTAUSERLOGON if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); cli_tdis(&cli); @@ -1608,6 +1609,7 @@ BOOL server_validate(char *user, char *domain, cli_tdis(&cli); return False; } +#endif DEBUG(3,("password server %s accepted the password\n", cli.desthost)); |