Code for joining a domain in Samba 2.2.0-alpha1

Tom Alsberg alsbergt at cs.huji.ac.il
Wed Apr 11 11:07:22 GMT 2001 

  Actually, those functions really helped. In the source tree I'm using
(samba-2.2.0-alpha1), those functions are in rpc_server/srv_samr.c, and
not rpc_server/srv_samr_nt.c.
  But it seems that when a machine joins a Samba domain, some functions
are called besides _api_samr_create_user() (_samr_chgpasswd_user()
doesn't seem to get called at all during that process). I made a test -
in _api_samr_create_user() I checked the access control bits of the
user, and if it's a workstation trust account, I just returned
NT_STATUS_NO_PROBLEMO, as it would return if it would really be
successful. The code I added is like this:

        if(acb_info & ACB_WSTRUST) {
            DEBUG(1,("Seems like a workstation trust account.\n"
                     "Let's just pretend it's OK.\n"));
            
            /* I don't know what the two following lines are exactly
               supposed to do, but they seem to be executed when adding
               the user was successful, so I added them here.
            */
            *unknown0=0x000703ff;
            *user_rid=sam_pass->user_rid;

            return NT_STATUS_NO_PROBLEMO;
        }

  Now obviously this isn't enough, becuase the machine account doesn't
really get added, and can't be authenticated in future sessions. So now
when adding the computer to the domain under Windows 2000, I get the
error "the user name could not be found". So it seems like after the
computer joins the domain, it also needs/tries to authenticate
itself/log on. So I'm looking for the function that is responsible for
that. I thought it might be called somewhen after
api_samr_create_user(), but I tried some grep's on the entire source
tree for it, and I don't see where it gets called. Might, though, be
that the client calls it `directly' through RPC or something...
  I tried using tcpdump-smb to check the connections and look for
function names there, without much success.

  So I'd be glad if someone with more knowledge about this than me could
point me to the functions that are called after that, or explain me how
to trace those functions myself.

  Thanks, and any help appreciated,
    Tom Alsberg.

On Tue, Apr 10, 2001 at 05:20:36AM -0700, Simo Sorce wrote:
> Take a look at
> _api_samr_create_user()
> and
> _samr_chgpasswd_user()
> in
> rpc_server/srv_samr_nt.c
> there should be something related.
> 

-- 

  ---*---

  Tom Alsberg
	Hebrew University of Jerusalem,
	institute of Computer Science and Engineering -
		System Group / Vision Lab

More information about the samba-technical mailing list