diff -u -r -xCVS samba/docs/docbook/manpages/smb.conf.5.sgml samba-ignorehost/docs/docbook/manpages/smb.conf.5.sgml
--- samba/docs/docbook/manpages/smb.conf.5.sgml Fri Sep 20 21:15:09 2002
+++ samba-ignorehost/docs/docbook/manpages/smb.conf.5.sgml Wed Oct 2 14:48:19 2002
@@ -775,6 +775,7 @@
unix password syncupdate encrypteduse mmap
+ ignore client domainuse rhostsuse sendfileusername level
@@ -7732,6 +7733,14 @@
+
+ ignore client domain (G)
+ If this global parameter is true, Samba will ignore any domain part of a username passed to it for authentication, substituting instead Samba's own workgroup. For example, if a user Alice on workstation Footle tries to map a share on the Samba server which is a member of domain Accounts, the server will be asked to authenticate the username FOOTLE\alice; with the ignore client domain option set, the server will rewrite the username to ACCOUNTS\alice. This is useful if security = domain and the clients are not members of any domain, but should be.
+
+
+ Default: ignore client domain = no
+
+
diff -u -r -xCVS samba/source/param/loadparm.c samba-ignorehost/source/param/loadparm.c
--- samba/source/param/loadparm.c Wed Oct 2 14:53:11 2002
+++ samba-ignorehost/source/param/loadparm.c Wed Oct 2 15:05:58 2002
@@ -285,6 +285,7 @@
BOOL bHostMSDfs;
BOOL bHideLocalUsers;
BOOL bUseMmap;
+ BOOL bIgnoreClientDomain;
BOOL bUnixExtensions;
int name_cache_timeout;
}
@@ -901,6 +902,7 @@
{"strict sync", P_BOOL, P_LOCAL, &sDefault.bStrictSync, NULL, NULL, FLAG_SHARE},
{"sync always", P_BOOL, P_LOCAL, &sDefault.bSyncAlways, NULL, NULL, FLAG_SHARE},
{"use mmap", P_BOOL, P_GLOBAL, &Globals.bUseMmap, NULL, NULL, 0},
+ {"ignore client domain", P_BOOL, P_GLOBAL, &Globals.bIgnoreClientDomain, NULL, NULL, 0},
#ifdef WITH_SENDFILE
{"use sendfile", P_BOOL, P_LOCAL, &sDefault.bUseSendfile, NULL, NULL, FLAG_SHARE},
#endif
@@ -1394,6 +1396,7 @@
Globals.bUnixExtensions = False;
#ifdef WITH_SSL
+ Globals.bIgnoreClientDomain = False;
Globals.sslVersion = SMB_SSL_V23;
string_set(&Globals.sslHostsRequire, "");
string_set(&Globals.sslHostsResign, "");
@@ -1676,6 +1679,7 @@
FN_GLOBAL_BOOL(lp_kernel_oplocks, &Globals.bKernelOplocks)
FN_GLOBAL_BOOL(lp_enhanced_browsing, &Globals.enhanced_browsing)
FN_GLOBAL_BOOL(lp_use_mmap, &Globals.bUseMmap)
+FN_GLOBAL_BOOL(lp_ignore_client_domain, &Globals.bIgnoreClientDomain)
FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions)
FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level)
FN_GLOBAL_INTEGER(lp_max_ttl, &Globals.max_ttl)
diff -u -r -xCVS samba/source/smbd/password.c samba-ignorehost/source/smbd/password.c
--- samba/source/smbd/password.c Wed Sep 18 00:44:55 2002
+++ samba-ignorehost/source/smbd/password.c Wed Oct 2 14:48:19 2002
@@ -1505,6 +1505,16 @@
if(user_exists != NULL)
*user_exists = True; /* Only set false on a very specific error. */
+ /*
+ * If the ignore client domain option is true, use our workgroup as the
+ * domain within which to authenticate the username.
+ * jjh@ecs.soton.ac.uk, 18th january 2002.
+ */
+
+ if(lp_ignore_client_domain()) {
+ domain = global_myworkgroup;
+ }
+
/*
* Check that the requested domain is not our own machine name.
* If it is, we should never check the PDC here, we use our own local