domain_client_validate

Luke Kenneth Casson Leighton (lkcl@regent.push.net)
Wed, 29 Apr 1998 10:32:44 +0000 (GMT)

Date:	Wed, 29 Apr 1998 10:32:44 +0000 (GMT)
From:	Luke Kenneth Casson Leighton <lkcl@regent.push.net>
To:	Samba Technical List <samba-technical@samba.anu.edu.au>
Subject: domain_client_validate

jeremy,

the domain passed to machine_password_lock() should be the domain that is
received in the OEM information of the SMBsesssetupX. ok, not quite.

the OEM Domain info in the SesssetupX should be resolved by some means:
contact the DC for that domain and verify against that server.

on receipt of such a call, the server should check the domain name. if
the domain name does not match the server's own domain, then the server
should _also_ do a [recursive] "network" or "interactive" login as
appropriate: this is what trusted domains is all about.

so i have an NT server contacting regent, a samba server, and i tell it to
contact the same NT server for its password database :-) :-)

except that the NT server is in domain DB and the samba server is in
domain TEST3. so there is a little more work to do...

luke