OpenAFS CVS Commit: openafs/src/WINNT/afsd by jaltman
cvs@GRAND.CENTRAL.ORG
cvs@GRAND.CENTRAL.ORG
Tue, 13 Jul 2004 02:22:53 EDT
Update of /cvs/openafs/src/WINNT/afsd
In directory GRAND.CENTRAL.ORG:/home/jaltman/openafs/cvs-tree/src/WINNT/afsd
Modified Files:
afsd_init.c
Log Message:
DELTA ntlm-back-connection-hostnames-20040713
AUTHOR jaltman@mit.edu
Add function configureBackConnectionHostNames(void)
On Windows XP SP2, Windows 2003 SP1, and all future Windows operating systems
there is a restriction on the use of SMB authentication on loopback connections.
There are two work arounds available:
(1) We can disable the check for matching host names. This does not
require a reboot:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"DisableLoopbackCheck"=dword:00000001
(2) We can add the AFS SMB/CIFS service name to an approved list. This
does require a reboot:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"BackConnectionHostNames"=multi-sz
The algorithm will be:
Check to see if cm_NetbiosName exists in the BackConnectionHostNames list
If not, add it to the list. (This will not take effect until the next reboot.)
and check to see if DisableLoopbackCheck is set.
If not set, set the DisableLoopbackCheck value to 0x1
and create HKLM\SOFTWARE\OpenAFS\Client UnsetDisableLoopbackCheck
else If cm_NetbiosName exists in the BackConnectionHostNames list,
check for the UnsetDisableLoopbackCheck value.
If set, set the DisableLoopbackCheck flag to 0x0
and delete the UnsetDisableLoopbackCheck value
--- DELTA config follows ---
ntlm-back-connection-hostnames-20040713 openafs/src/WINNT/afsd/afsd_init.c 1.33 1.34