Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2005-02-17 at 02:34 +1100, Andrew Tridgell wrote:
> Volker,
> > Agreed. But doing the ntlm(2?) bind with the machine account is ok? II=

RC this
> > can't be done in the windows world, but I think samba could implement =

> > without the need for kerberos I think.

> I'll leave it up to abartlet and you to work out - I'm just flagging
> that allowing anonymous access to this is not good.

I'm certainly not happy with an NTLM bind, mostly because we can't
handle the trusted domain case for:

Samba Server -> Windows Doamin (primary)
-> Samba domain (trusted)

It also just does not match windows behaviour.

For our primary domain, then a schannel bind is appropriate. For
trusted domains, this is harder to get right.

Andrew Bartlett =20

Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.6 (GNU/Linux)