smb-extended-20040724

author Jeffrey Altman <jaltman@mit.edu>

Sat, 24 Jul 2004 09:31:15 +0000 (09:31 +0000)

committer Jeffrey Altman <jaltman@secure-endpoints.com>

Sat, 24 Jul 2004 09:31:15 +0000 (09:31 +0000)
author Jeffrey Altman <jaltman@mit.edu>
Sat, 24 Jul 2004 09:31:15 +0000 (09:31 +0000)
committer Jeffrey Altman <jaltman@secure-endpoints.com>
Sat, 24 Jul 2004 09:31:15 +0000 (09:31 +0000)
diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c

index 1cd0645bf20dcb5e7fa0f6e4649d6a20b4e43a78..3d6448e6e7a2ac2b37411b228b2ee4c2c3c10fd8 100644 (file)
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
@@ -7344,7 +7344,13 @@ void smb_Init(osi_log_t *logp, char *snamep, int useV3, int LANadapt,
                            or sec package id. */
                         afsi_log("Reverting to NO SMB AUTH");
                         smb_authType = SMB_AUTH_NONE;
-               } else if ( smb_authType == SMB_AUTH_EXTENDED) {
+               } 
+#ifdef COMMENT
+        /* Don't fallback to SMB_AUTH_NTLM.  Apparently, allowing SPNEGO to be used each
+         * time prevents the failure of authentication when logged into Windows with an
+         * external Kerberos principal mapped to a local account.
+         */
+        else if ( smb_authType == SMB_AUTH_EXTENDED) {
              /* Test to see if there is anything to negotiate.  If SPNEGO is not going to be used 
              * then the only option is NTLMSSP anyway; so just fallback. 
              */
@@ -7358,6 +7364,7 @@ void smb_Init(osi_log_t *logp, char *snamep, int useV3, int LANadapt,
              } else
                  free(secBlob);
          }
+#endif
         }
  
         {
author	Jeffrey Altman <jaltman@mit.edu>
	Sat, 24 Jul 2004 09:31:15 +0000 (09:31 +0000)
committer	Jeffrey Altman <jaltman@secure-endpoints.com>
	Sat, 24 Jul 2004 09:31:15 +0000 (09:31 +0000)