Winbindd fixes for SAMBA_2_2
Alexander Bokovoy
a.bokovoy at sam-solutions.net
Mon Aug 13 21:21:47 GMT 2001
Hi there!
You'll find some fixes for Winbindd support in SAMBA_2_2 CVS branch
attached:
1. Workgroup-fixes.patch fixes some problems with default domain and user
validation in Winbind and Smbd. Currently, smbd/password.c fetches machine
trust account using default workgroup set up in [global] section and
ignores domain name passed to it in domain_client_validate().
Unfortunately, Winbind does not set up this global workgroup name
(global_myworkgroup) so it is empty and domain_client_validate() simply
fails to fetch machine trust account.
I've fixed this and also added support for omitting the domain name for users
from the default domain (global_myworkgroup), as suggested by
Schlomo on the samba-ntdom@ mailing list. Winbindd now recognizes both
DOM+user and plain user when DOM is the value of the 'workgroup' parameter in
smb.conf.
2. Second patch provides fixes in documentation for winbindd(8)
(man/html/sgml) which currently refers to outdated 'samedit' tool
unavailable in Samba 2.2.x (replaced by the similar functionality in
smbpasswd).
Hope this helps.
--
/ Alexander Bokovoy
$ cat /proc/identity >~/.signature
`Senior software developer and analyst for SaM-Solutions Ltd.`
---
Fear is the greatest salesman.
-- Robert Klein
-------------- next part --------------
diff -urN -k.orig ./source/nsswitch/winbindd.c.orig ./source/nsswitch/winbindd.c
--- ./source/nsswitch/winbindd.c.orig Tue Jul 24 10:26:49 2001
+++ ./source/nsswitch/winbindd.c Mon Aug 13 20:27:44 2001
@@ -29,6 +29,7 @@
struct winbindd_cli_state *client_list;
static int num_clients;
+extern fstring global_myworkgroup;
/* Reload configuration */
@@ -694,6 +695,8 @@
}
}
+ fstrcpy(global_myworkgroup, lp_workgroup());
+
TimeInit();
charset_initialise();
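Review bot: global_myworkgroup is copied from lp_workgroup() only once here at startup, so it can go stale if smb.conf is re-read later. The first hunk shows a "Reload configuration" section in this file; its body is outside the diff, so whether it refreshes the global is not visible. The parsers changed elsewhere in this patch call lp_workgroup() directly, so after a reload with a changed workgroup the two values could disagree, and domain_client_validate() would still use the old one. If the reload path re-runs the parameter load, repeat `fstrcpy(global_myworkgroup, lp_workgroup());` there as well.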
diff -urN ./source/nsswitch/wb_client.c.orig ./source/nsswitch/wb_client.c
--- ./source/nsswitch/wb_client.c.orig Tue Jul 24 10:26:49 2001
+++ ./source/nsswitch/wb_client.c Mon Aug 13 12:41:30 2001
@@ -30,16 +30,21 @@
/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
form DOMAIN/user into a domain and a user */
-static void parse_domain_user(char *domuser, fstring domain, fstring user)
+static void wbc_parse_domain_user(char *domuser, fstring domain, fstring user)
{
char *p;
char *sep = lp_winbind_separator();
+ char *workgroup = lp_workgroup();
if (!sep) sep = "\\";
p = strchr(domuser,*sep);
if (!p) p = strchr(domuser,'\\');
if (!p) {
- fstrcpy(domain,"");
+ fstrcpy(domain,workgroup);
fstrcpy(user, domuser);
return;
}
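Review bot: The no-separator branch now returns with `domain` set to whatever lp_workgroup() yields, skipping the normalisation the separator branch applies; `strupper(domain)` is visible at the end of the winbindd_util.c copy, while the rest of this function lies outside the hunk. Unless lp_workgroup() is guaranteed to be upper-case and non-empty, a defaulted domain can differ in case from a parsed one, and an unset workgroup silently brings back the empty domain. Normalising in the fallback, `fstrcpy(domain, workgroup); strupper(domain);`, keeps both branches consistent. The same applies to pam_parse_domain_user() in winbindd_pam.c and parse_domain_user() in winbindd_util.c. Carrying three copies of this logic makes it likely that a later fix reaches only one of them.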
@@ -101,7 +106,7 @@
/* Copy out result */
if (result == NSS_STATUS_SUCCESS) {
- parse_domain_user(response.data.name.name, dom_name, name);
+ wbc_parse_domain_user(response.data.name.name, dom_name, name);
*name_type = (enum SID_NAME_USE)response.data.name.type;
DEBUG(10,("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n", sid_str, dom_name, name ));
}
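Review bot: This call parses a name returned by winbindd for a SID, not a name typed by a user, so the new default-domain fallback changes what winbind_lookup_sid() reports. If the daemon ever returns a name without a separator, dom_name was previously empty and will now claim the local workgroup, which can misattribute the account to the wrong domain in ACL or ownership displays. Whether winbindd can return unqualified names is not visible here. Keeping the old empty-domain behaviour for response parsing would be safer; at minimum add `/* replies are expected to be fully qualified; an unqualified name is reported under lp_workgroup() */` above the call.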
diff -urN ./source/nsswitch/winbindd_pam.c.orig ./source/nsswitch/winbindd_pam.c
--- ./source/nsswitch/winbindd_pam.c.orig Tue Jul 24 10:26:51 2001
+++ ./source/nsswitch/winbindd_pam.c Mon Aug 13 12:43:23 2001
@@ -25,16 +25,21 @@
/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
form DOMAIN/user into a domain and a user */
-static void parse_domain_user(char *domuser, fstring domain, fstring user)
+static void pam_parse_domain_user(char *domuser, fstring domain, fstring user)
{
char *p;
char *sep = lp_winbind_separator();
+ char *workgroup = lp_workgroup();
if (!sep) sep = "\\";
p = strchr(domuser,*sep);
if (!p) p = strchr(domuser,'\\');
if (!p) {
- fstrcpy(domain,"");
+ fstrcpy(domain,workgroup);
fstrcpy(user, domuser);
return;
}
@@ -45,6 +50,7 @@
strupper(domain);
}
+
/* Return a password structure from a username. Specify whether cached data
can be returned. */
@@ -59,7 +65,7 @@
/* Parse domain and username */
- parse_domain_user(state->request.data.auth.user, name_domain,
+ pam_parse_domain_user(state->request.data.auth.user, name_domain,
name_user);
/* don't allow the null domain */
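Review bot: The "don't allow the null domain" check that follows (its body is outside the hunk) no longer rejects unqualified user names, because pam_parse_domain_user() now fills name_domain with lp_workgroup() for them. This is the intended feature, but it widens what the PAM path accepts. A short name that also exists as a local Unix account is now sent to the domain controller for authentication, and the chauthtok call in the next hunk gets the same treatment for password changes. Consider gating the fallback behind an smb.conf option and describing the name-collision behaviour in winbindd(8). At minimum add a comment here, `/* unqualified names resolve to lp_workgroup(); this check only fires when workgroup is unset */`.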
@@ -98,7 +104,7 @@
if (state == NULL) return WINBINDD_ERROR;
- parse_domain_user(state->request.data.chauthtok.user, domain, user);
+ pam_parse_domain_user(state->request.data.chauthtok.user, domain, user);
oldpass = state->request.data.chauthtok.oldpass;
newpass = state->request.data.chauthtok.newpass;
diff -urN ./source/nsswitch/winbindd_util.c.orig ./source/nsswitch/winbindd_util.c
--- ./source/nsswitch.orig/winbindd_util.c Tue Jul 24 10:26:52 2001
+++ ./source/nsswitch/winbindd_util.c Mon Aug 13 12:31:40 2001
@@ -896,22 +896,27 @@
/* Parse a string of the form DOMAIN/user into a domain and a user */
void parse_domain_user(char *domuser, fstring domain, fstring user)
{
- char *p;
- char *sep = lp_winbind_separator();
- if (!sep) sep = "\\";
- p = strchr(domuser,*sep);
- if (!p) p = strchr(domuser,'\\');
- if (!p) {
- fstrcpy(domain,"");
- fstrcpy(user, domuser);
- return;
- }
-
- fstrcpy(user, p+1);
- fstrcpy(domain, domuser);
- domain[PTR_DIFF(p, domuser)] = 0;
- strupper(domain);
+ char *p;
+ char *sep = lp_winbind_separator();
+ char *workgroup = lp_workgroup();
+ if (!sep) sep = "\\";
+ p = strchr(domuser,*sep);
+ if (!p) p = strchr(domuser,'\\');
+ if (!p) {
+ fstrcpy(domain,workgroup);
+ fstrcpy(user, domuser);
+ return;
+ }
+
+ fstrcpy(user, p+1);
+ fstrcpy(domain, domuser);
+ domain[PTR_DIFF(p, domuser)] = 0;
+ strupper(domain);
}
diff -urN ./source/smbd/password.c.orig ./source/smbd/password.c
--- ./source/smbd/password.c.orig Wed Aug 1 20:32:47 2001
+++ ./source/smbd/password.c Mon Aug 13 20:35:54 2001
@@ -1538,9 +1538,9 @@
/*
* Get the machine account password for our primary domain
*/
- if (!secrets_fetch_trust_account_password(global_myworkgroup, trust_passwd, &last_change_time))
+ if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time))
{
- DEBUG(0, ("domain_client_validate: could not fetch trust account password for domain %s\n", global_myworkgroup));
+ DEBUG(0, ("domain_client_validate: could not fetch trust account password for domain %s\n", domain));
return False;
}
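Review bot: The trust-account lookup is now keyed on the `domain` argument instead of the configured workgroup, and the hunk does not show where that argument comes from or whether it is validated. If it is the domain string from the client's session setup, any client that sends an empty or unexpected domain will fail authentication here. Each such attempt will also write a level-0 log line containing client-chosen text. Falling back to the configured value when the argument is empty would keep the previous behaviour for those clients, e.g. `char *trust_dom = (domain && *domain) ? domain : global_myworkgroup;`, used in both the fetch and the DEBUG call. Checking `domain` against the domains this server actually has a trust account for would be stricter still.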
-------------- next part --------------
diff -urN -k.orig ./docs/manpages/winbindd.8.orig ./docs/manpages/winbindd.8
--- ./docs/manpages/winbindd.8.orig Tue Jul 10 02:24:58 2001
+++ ./docs/manpages/winbindd.8 Wed Aug 8 21:01:12 2001
@@ -237,18 +237,9 @@
\fBaccount required /lib/security/pam_winbind.so
\fR.PP
The next step is to join the domain. To do that use the
-\fBsamedit\fR program like this:
+\fBsmbpasswd\fR program like this:
.PP
-\fBsamedit -S '*' -W DOMAIN -UAdministrator\fR
-.PP
-The username after the \fI-U\fR can be any Domain
-user that has administrator privileges on the machine. Next from
-within \fBsamedit\fR, run the command:
-.PP
-\fBcreateuser MACHINE$ -j DOMAIN -L\fR
-.PP
-This assumes your domain is called "DOMAIN" and your Samba
-workstation is called "MACHINE".
+\fBsmbpasswd -j <DOMAIN> -r <PDC> -U <adminuser>%<adminpw>r\fR
.PP
Next copy \fIlibnss_winbind.so\fR to
\fI/lib\fR and \fIpam_winbind.so\fR
diff -urN -k.orig ./docs/docbook/manpages/winbindd.8.sgml.orig ./docs/docbook/manpages/winbindd.8.sgml
--- ./docs/docbook/manpages/winbindd.8.sgml.orig Fri Jun 22 19:53:29 2001
+++ ./docs/docbook/manpages/winbindd.8.sgml Mon Aug 13 16:33:24 2001
@@ -318,18 +318,12 @@
</command></para>
<para>The next step is to join the domain. To do that use the
- <command>samedit</command> program like this: </para>
+ <command>smbpasswd</command> program like this: </para>
- <para><command>samedit -S '*' -W DOMAIN -UAdministrator</command></para>
+ <para><command>smbpasswd -j DOMAIN -r PDC -U Administrator</command></para>
<para>The username after the <parameter>-U</parameter> can be any Domain
- user that has administrator privileges on the machine. Next from
- within <command>samedit</command>, run the command: </para>
-
- <para><command>createuser MACHINE$ -j DOMAIN -L</command></para>
-
- <para>This assumes your domain is called "DOMAIN" and your Samba
- workstation is called "MACHINE". </para>
+ user that has administrator privileges on the machine.
<para>Next copy <filename>libnss_winbind.so</filename> to
<filename>/lib</filename> and <filename>pam_winbind.so</filename>
diff -urN -k.orig ./docs/htmldocs/winbindd.8.html.orig ./docs/htmldocs/winbindd.8.html
--- ./docs/htmldocs/winbindd.8.html.orig Fri Jun 22 19:53:35 2001
+++ ./docs/htmldocs/winbindd.8.html Mon Aug 13 16:31:45 2001
@@ -569,12 +569,12 @@
>The next step is to join the domain. To do that use the
<B
CLASS="COMMAND"
->samedit</B
+>smbpasswd</B
> program like this: </P
><P
><B
CLASS="COMMAND"
->samedit -S '*' -W DOMAIN -UAdministrator</B
+>smbpasswd -j DOMAIN -r PDC -U Administrator</B
></P
><P
>The username after the <TT
@@ -583,20 +583,8 @@
>-U</I
></TT
> can be any Domain
- user that has administrator privileges on the machine. Next from
- within <B
-CLASS="COMMAND"
->samedit</B
->, run the command: </P
-><P
-><B
-CLASS="COMMAND"
->createuser MACHINE$ -j DOMAIN -L</B
-></P
-><P
->This assumes your domain is called "DOMAIN" and your Samba
- workstation is called "MACHINE". </P
-><P
+ user that has administrator privileges on the machine.
+</P><P
>Next copy <TT
CLASS="FILENAME"
>libnss_winbind.so</TT