Unnecessary NetBIOS domain lookups - fix to ads_init

Sat Jan 11 18:44:00 GMT 2003

I've been testing joining a remote AD (using LDAP) in SAMBA_3_0 and
found that winbindd kept trying unsuccessfully to use NetBIOS to find
the domain.

At startup, add_trusted_domain worked fine -- found the DC and got the
information it needed to connect.

The problem was in init_domain_list.  It got stuck in the loop looking
for the domain SID.  After much digging, it turns out that the real
problem was in ads_init in libads/ads_struct.c.  ads_init has the
following tests:

  /* we need to know if this is a foreign realm to know if we can
     use lp_ads_server() */
  if (realm && strcasecmp(lp_realm(), realm) != 0) {
          ads->server.foreign = 1;
  }
  if (workgroup && strcasecmp(lp_workgroup(), workgroup) != 0) {
          ads->server.foreign = 1;
  }

If those tests set ads->server.foreign to 1, then it will use NetBIOS to
try to find the domain.  But there are places in the code where realm
and/or workgroup are not null, but are empty strings.  In this case, I
don't think the test should succeed.  I changed ads_init to the
following:

  if (realm && *realm && strcasecmp(lp_realm(), realm) != 0) {
          ads->server.foreign = 1;
  }
  if (workgroup && *workgroup && strcasecmp(lp_workgroup(), workgroup)
!= 0) {
          ads->server.foreign = 1;
  }

The change adds a test for empty strings.  It works correctly now,
finding the LDAP server without NetBIOS.

FWIW, the relevant section of smb.conf is:

  [global]
  workgroup=DOMAINTRI
  security=ads
  realm=DOMAINTRI.NSSOLUTIONS.COM
  ads server=10.0.2.113

Hope others find this useful.

Ken Cross
Network Storage Solutions