smbpasswd PROBLEM IDENTIFIED

Jeremy Allison jra at samba.org
Wed Dec 5 11:31:03 GMT 2001


On Wed, Dec 05, 2001 at 10:47:28AM -0600, Esh, Andrew wrote:
> The problem I am having with the latest SAMBA_2_2 smbpasswd has been traced
> to a change in the function "modify_trust_password", in
> rpc_client/cli_trust.c. The new version of the routine starts out by trying
> to read the domain SID from the secrets database, and fails if it doesn't
> find it. (If the database is new, it won't have that key entered yet, so
> smbpasswd can't deal with a new database.)
> 
> In the release-2-2-2 code, in the same routine, later on toward the end,
> there is a call to  "cli_lsa_get_domain_sid", which connects via the network
> to the PDC and gets the domain SID. That function, in
> "rpc_client/cli_lsarpc.c", stores the SID in the secrets database.
> 
> The file "rpc_client/cli_lsarpc.c" doesn't even exist in the new code, and
> the "cli_lsa_get_domain_sid" function isn't found anywhere else.
> 
> I don't see any way for the new code to ever query the PDC and get the
> domain SID. Without that, Samba can't join the domain, and won't run in
> domain mode.
> 
> Obviously this is an absurd conclusion. What is the real problem?

Nope, it got removed by mistake and the logic path wasn't
restored correctly.

I've added a sparate fetch_domain_sid() call that smbpasswd
now uses in the join_domain case to get, then store the
PDC DOMAIN sid.

Seems to work here, re-CVS update and check it out.

Sorry for the problem, thanks for reporting the bug.

Jeremy.




More information about the samba-technical mailing list