joining resource domain, trust account for master domain needed

Jeremy Allison jeremy at valinux.com
Mon Jun 25 19:09:35 GMT 2001 

"DICKENS,CARY (HP-Loveland,ex2)" wrote:
> 
> Mike,
> 
> We are having the same issue.  If you determine a work around, please let me
> know.  We had this working with the version (cvs from 25MAY2001) prior to
> big files (>2Gb) capability being added.  Since then, nothing we have done
> has allowed us to have access like we need.
> 
> Samba 2.2 is awesome and I know the team is working their butts off.  This
> is the only part that is causing me grief and I want to help, unfortunately
> I don't understand the communication path in a domain well enough to allow
> me to solve this myself.  The call that is failing is line 946 in reply.c.
> 
>   if (!guest && !check_server_security(orig_user, domain, user,
>          smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
>       !check_domain_security(orig_user, domain, user, smb_apasswd,
>          smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
>       !check_hosts_equiv(user))
> 
> I think that check_domain_security should be returning true, but it goes
> into password.c and ends up with the error message you identified and
> returns false.

Thanks ! This is a bug - stupid typo :-).

Try the following patch (will be in 2.2.1 and HEAD soon).

Jeremy.

Index: smbd/password.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/password.c,v
retrieving revision 1.186.2.24
diff -u -r1.186.2.24 password.c
--- smbd/password.c	21 Jun 2001 20:18:47 -0000	1.186.2.24
+++ smbd/password.c	25 Jun 2001 19:03:07 -0000
@@ -1255,8 +1255,7 @@
 ************************************************************************/
 
 static BOOL connect_to_domain_password_server(struct cli_state *pcli, 
-					      char *server,
-                                              unsigned char *trust_passwd)
+								char *server, unsigned char *trust_passwd)
 {
   struct in_addr dest_ip;
   fstring remote_machine;
@@ -1559,9 +1558,9 @@
   /*
    * Get the machine account password for our primary domain
    */
-  if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time))
+  if (!secrets_fetch_trust_account_password(global_myworkgroup, trust_passwd, &last_change_time))
   {
-	  DEBUG(0, ("domain_client_validate: could not fetch trust account password for domain %s\n", domain));
+	  DEBUG(0, ("domain_client_validate: could not fetch trust account password for domain %s\n", global_myworkgroup));
 	  return False;
   }
 

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

More information about the samba-technical mailing list