Question about LsaGetConnectedCredentials

Thu Sep 27 10:44:44 GMT 2001

Two things have to change. We have to identify whether the user is
connected to the domain or not. In the former case, domname in
_lsa_unk_get_connuser should be global_myworkgroup; in the latter, it
should be global_myname. As far as I can tell, this can be only done
when invoking register_vuid. Also, NT returns global_myname on
_lsa_query_info for ROLE_STANDALONE. I am not quite sure why Samba is
returning global_myworkgroup.

The extraneous characters at the end of username in the error message
are showing up because ulen/dlen are set incorrectly in
_lsa_unk_get_connuser. It should be:
	ulen = strlen(username) + 1;
	dlen = strlen(domname) + 1;

Hope that helps,
Manoj.

jtrostel at snapserver.com wrote:
> 
> Using the patch you made, which is now in the official CVS, I can take
> ownership correctly as a domain member.  I am still having problems taking
> ownership if I am NOT a domain member though.
> 
> Somehow, I need to convince SAMBA to look for valid users and groups in the
> local passwd/smbpasswd files if the lookup fails for DOMAIN users.  Do you know
> where in the samba code I need to fiddle to make this a success?  Basically I
> need to know where/why I get
> 
> Unable to take ownership because the account "JTSNT\\jt|||..." could not be
> accessed on the remote machine because of the following error: The account could
> not be found
> 
> The machines are in a PDC controlled domain "CEO", although the calling NT box
> is now in any domain (he is running in a workgroup "JTSNT").  I have logged
> into the NT box as user "jt-ntonly" and then specify "jt" as the user when
> accessing the SAMBA box.  The user "jt" is available ONLY as a locally-defined
> user on the SAMBA box.  All other SAMBA functions seem to function correctly
> and act like the local-SAMBA user "jt".
> 
> --
> John M. Trostel
> Senior Software Engineer
> Quantum / SnapAppliances
> jtrostel at snapserver.com