SAMLOGON UDP request

Andrew Tridgell tridge at samba.org
Wed Dec 16 02:36:15 GMT 1998


> andrew, jeremy, remember that i can never or at least rarely come up with
> immediate reasons (within two days) it usually takes me two to three
> weeks.  i still may know why something may not be a good idea, i just
> can't justify it, the design is still partially subconscious.

I'd rather it become fully concious before you commit it! Then the
commits might make more sense :)

> that code is a subset of what is required.

no, it was just totally broken. It had no redeeming features at all.
When adding code to Samba you should _not_ break existing setups
except in extreme cases. This code broke lots of existing setups and
didn't even work. 

> don't worry: NT registers FORIEGN_DOMAIN<00> and on this name it answers
> *all* requests that are sent to FORIEGN_DOMAIN<00>.

ok, so if you do "nmblookup -S" on a NT box with a trust relationship
then it shows registered domain names for the other domains? (not just
subconcious feelings here, have you actually seen this?)
 
> therefore we don't need to "reply inappropriately", we actually need to go
> carefully through all the other datagram code to make sure that we _do_
> reply appropriately.

you misunderstand me. If we register the names locally then we will
reply to all requests. The problem is that we will give the _wrong_
reply in some cases. In several places we reply with our server name,
but we wuld instead have to reply with the name of a different server.

I'd also query if this is necessary at all. If clients fallback to
doing WINS queries for these requests then it will work with the
current code. If we can get away without putting trust relationship
code in nmbd then we should do so. Our aim is not to totally emulate
NT. Our aim is to provide useful services to users.
 


More information about the samba-technical mailing list