ntlm-back-connection-hostnames-20040713
Add function configureBackConnectionHostNames(void)
On Windows XP SP2, Windows 2003 SP1, and all future Windows operating systems
there is a restriction on the use of SMB authentication on loopback connections.
There are two workarounds available:
(1) We can disable the check for matching host names. This does not
    require a reboot:
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
      "DisableLoopbackCheck"=dword:00000001
(2) We can add the AFS SMB/CIFS service name to an approved list. This
    does require a reboot:
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
      "BackConnectionHostNames"=multi-sz
The algorithm will be:
  Check to see if cm_NetbiosName exists in the BackConnectionHostNames list
    If not, add it to the list. (This will not take effect until the next reboot.)
      and check to see if DisableLoopbackCheck is set.
        If not set, set the DisableLoopbackCheck value to 0x1
          and create HKLM\SOFTWARE\OpenAFS\Client UnsetDisableLoopbackCheck
    else if cm_NetbiosName exists in the BackConnectionHostNames list,
      check for the UnsetDisableLoopbackCheck value.
        If set, set the DisableLoopbackCheck flag to 0x0
          and delete the UnsetDisableLoopbackCheck value
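
The algorithm above, modelled as an added example (not the OpenAFS code): the registry is replaced by an in-memory struct so the state transitions can be run and checked anywhere. The struct, the function names, the "AFS" host name and the case-insensitive name match are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <strings.h>   /* strcasecmp (POSIX); _stricmp is the Windows equivalent */

#define MAX_NAMES 8

/* In-memory stand-in for the registry values named above (constructed model). */
struct lsa_state {
    const char *back_conn[MAX_NAMES]; /* Lsa\MSV1_0 BackConnectionHostNames */
    int n_names;
    bool disable_loopback_check;      /* Lsa DisableLoopbackCheck == 1 */
    bool unset_marker;                /* OpenAFS\Client UnsetDisableLoopbackCheck */
};

/* Assumption of this sketch: host names are compared case-insensitively. */
static bool name_listed(const struct lsa_state *s, const char *name) {
    for (int i = 0; i < s->n_names; i++)
        if (strcasecmp(s->back_conn[i], name) == 0) return true;
    return false;
}

/* One start-up pass. Returns 1 if a reboot is pending, 0 if steady, -1 if the list is full. */
int configure_pass(struct lsa_state *s, const char *netbios_name) {
    if (!name_listed(s, netbios_name)) {
        if (s->n_names == MAX_NAMES) return -1;
        s->back_conn[s->n_names++] = netbios_name;   /* effective after reboot */
        if (!s->disable_loopback_check) {
            s->disable_loopback_check = true;        /* temporary workaround (1) */
            s->unset_marker = true;                  /* remember that we set it */
        }
        return 1;
    }
    if (s->unset_marker) {                           /* we set it, so we undo it */
        s->disable_loopback_check = false;
        s->unset_marker = false;
    }
    return 0;
}

int main(void) {
    struct lsa_state s = {0};                        /* constructed: clean machine */
    int first = configure_pass(&s, "AFS");           /* "AFS" is a placeholder name */
    printf("pass 1: rc=%d check_disabled=%d marker=%d\n", first,
           s.disable_loopback_check, s.unset_marker);
    int second = configure_pass(&s, "afs");
    printf("pass 2: rc=%d check_disabled=%d marker=%d\n", second,
           s.disable_loopback_check, s.unset_marker);
    return 0;
}
```

In this model the marker is what keeps a DisableLoopbackCheck value that was already set before the first pass from being cleared later. The second pass reverts the flag as soon as the name is found in the list, since the description keys that branch on the list contents rather than on a reboot having happened.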