svn commit: samba r16255 - branches/SAMBA_3_0/source/rpc_client trunk/source/rpc_client

Thu Jun 15 12:37:06 GMT 2006

Author: jerry
Date: 2006-06-15 12:37:05 +0000 (Thu, 15 Jun 2006)
New Revision: 16255

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16255

Log:
Fix 'net ads join' when the workgroup is set incorrectly
in smb.conf.  This did work before the join rewrite.
Samba will have problems if you try to run any of the daemons
with an incorrect workgroup but it should not fail to join.

The summary is that a member server should always use it's 
own machine name when setting up schannel since that is 
the only account it has.  Thanks to Volker for the discussion.



Modified:
   branches/SAMBA_3_0/source/rpc_client/cli_pipe.c
   trunk/source/rpc_client/cli_pipe.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_client/cli_pipe.c
===================================================================

--- branches/SAMBA_3_0/source/rpc_client/cli_pipe.c	2006-06-15 12:14:45 UTC (rev 16254)
+++ branches/SAMBA_3_0/source/rpc_client/cli_pipe.c	2006-06-15 12:37:05 UTC (rev 16255)
@@ -2446,15 +2446,18 @@
 		return NULL;
 	}
 
+	/* A DC should use DOMAIN$ as its account name.
+	   A member server can only use it's machine name since it
+	   does not have an account in a trusted domain.
+
+	   We don't check the domain against lp_workgroup() here since
+	   'net ads join' has to continue to work with only the realm
+	   specified in smb.conf.  -- jerry */
+
         if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
 		fstrcpy( machine_account, lp_workgroup() );
         } else {
-                /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
-                if (strequal(domain, lp_workgroup())) {
-                        fstrcpy(machine_account, global_myname());
-                } else {
-                        fstrcpy(machine_account, domain);
-                }
+		fstrcpy(machine_account, global_myname());
         }
 
 	*perr = rpccli_netlogon_setup_creds(netlogon_pipe,

Modified: trunk/source/rpc_client/cli_pipe.c
===================================================================
--- trunk/source/rpc_client/cli_pipe.c	2006-06-15 12:14:45 UTC (rev 16254)
+++ trunk/source/rpc_client/cli_pipe.c	2006-06-15 12:37:05 UTC (rev 16255)
@@ -2446,15 +2446,18 @@
 		return NULL;
 	}
 
+	/* A DC should use DOMAIN$ as its account name.
+	   A member server can only use it's machine name since it
+	   does not have an account in a trusted domain.
+
+	   We don't check the domain against lp_workgroup() here since
+	   'net ads join' has to continue to work with only the realm
+	   specified in smb.conf.  -- jerry */
+
         if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
 		fstrcpy( machine_account, lp_workgroup() );
         } else {
-                /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
-                if (strequal(domain, lp_workgroup())) {
-                        fstrcpy(machine_account, global_myname());
-                } else {
-                        fstrcpy(machine_account, domain);
-                }
+		fstrcpy(machine_account, global_myname());
         }
 
 	*perr = rpccli_netlogon_setup_creds(netlogon_pipe,

