SAMLOGON UDP request
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri Dec 18 18:20:55 GMT 1998
On Fri, 18 Dec 1998, Andrew Tridgell wrote:
> > > but we'll only get a "get backup list" (which is unicast, from memory)
> > > if we answer a broadcast 1D query for that domain or register it with
> > > WINS. Either way, we would need to be the LMB for that domain.
> >
> > ... or to answer the getbackuplistreq with not with our own lmb or dmb
> > name but with the trusted dc's lmb or dmb names.
>
> no. we won't get a "getbackuplistreq" unless we are the local master
> for that domain. It is a unicast request and is sent to hosts that
> have answered a name query on DOMAIN<1D> or DOMAIN<1B>. So for Samba
> to get one of those requests for a foregn domain we would first have
> to become the LMB for the foreign domain. That won't happen. ok?
ah, good point. it would be useful for there to be code in samba that
says:
if (name_type == 0x1b)
{
process_getbackuplist_req(...)
}
instead of just accepting it from any netbios name, which is completely
wrong.
i took getbackuplistreq as an example because i thought that this UDP
datagram comes in on <00> name types not <1b>.
bugger.
> > ah, but with that the problem was solved by cross-referencing the called
> > netbios name against the workgroup for which that netbios name was
> > responsible.
>
> which forced us to have a separate netbios alias for each domain.
> We certainly don't want to do that in this case.
true, that would mean nmbd having separate identities and being a PDC for
multiple domains.
More information about the samba-technical
mailing list