From e73c65900fe5285f9bbff9783d10713b2b9bdd36 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Sat, 24 Jul 2004 09:31:15 +0000 Subject: [PATCH] smb-extended-20040724 Don't fallback to SMB_AUTH_NTLM. Apparently, allowing SPNEGO to be used each time prevents the failure of authentication when logged into Windows with an external Kerberos principal mapped to a local account. --- src/WINNT/afsd/smb.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c index 1cd0645bf2..3d6448e6e7 100644 --- a/src/WINNT/afsd/smb.c +++ b/src/WINNT/afsd/smb.c @@ -7344,7 +7344,13 @@ void smb_Init(osi_log_t *logp, char *snamep, int useV3, int LANadapt, or sec package id. */ afsi_log("Reverting to NO SMB AUTH"); smb_authType = SMB_AUTH_NONE; - } else if ( smb_authType == SMB_AUTH_EXTENDED) { + } +#ifdef COMMENT + /* Don't fallback to SMB_AUTH_NTLM. Apparently, allowing SPNEGO to be used each + * time prevents the failure of authentication when logged into Windows with an + * external Kerberos principal mapped to a local account. + */ + else if ( smb_authType == SMB_AUTH_EXTENDED) { /* Test to see if there is anything to negotiate. If SPNEGO is not going to be used * then the only option is NTLMSSP anyway; so just fallback. */ @@ -7358,6 +7364,7 @@ void smb_Init(osi_log_t *logp, char *snamep, int useV3, int LANadapt, } else free(secBlob); } +#endif } {