joining resource domain, trust account for master domain needed
Jeremy Allison
jeremy at valinux.com
Mon Jun 25 19:09:35 GMT 2001
"DICKENS,CARY (HP-Loveland,ex2)" wrote:
>
> Mike,
>
> We are having the same issue. If you determine a work around, please let me
> know. We had this working with the version (cvs from 25MAY2001) prior to
> big files (>2Gb) capability being added. Since then, nothing we have done
> has allowed us to have access like we need.
>
> Samba 2.2 is awesome and I know the team is working their butts off. This
> is the only part that is causing me grief and I want to help, unfortunately
> I don't understand the communication path in a domain well enough to allow
> me to solve this myself. The call that is failing is line 946 in reply.c.
>
> if (!guest && !check_server_security(orig_user, domain, user,
> smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
> !check_domain_security(orig_user, domain, user, smb_apasswd,
> smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
> !check_hosts_equiv(user))
>
> I think that check_domain_security should be returning true, but it goes
> into password.c and ends up with the error message you identified and
> returns false.
Thanks ! This is a bug - stupid typo :-).
Try the following patch (will be in 2.2.1 and HEAD soon).
Jeremy.
Index: smbd/password.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/password.c,v
retrieving revision 1.186.2.24
diff -u -r1.186.2.24 password.c
--- smbd/password.c 21 Jun 2001 20:18:47 -0000 1.186.2.24
+++ smbd/password.c 25 Jun 2001 19:03:07 -0000
@@ -1255,8 +1255,7 @@
************************************************************************/
static BOOL connect_to_domain_password_server(struct cli_state *pcli,
- char *server,
- unsigned char *trust_passwd)
+ char *server, unsigned char *trust_passwd)
{
struct in_addr dest_ip;
fstring remote_machine;
@@ -1559,9 +1558,9 @@
/*
* Get the machine account password for our primary domain
*/
- if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time))
+ if (!secrets_fetch_trust_account_password(global_myworkgroup, trust_passwd, &last_change_time))
{
- DEBUG(0, ("domain_client_validate: could not fetch trust account password for domain %s\n", domain));
+ DEBUG(0, ("domain_client_validate: could not fetch trust account password for domain %s\n", global_myworkgroup));
return False;
}
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list