Question about LsaGetConnectedCredentials

jtrostel at snapserver.com
Thu Sep 27 11:38:19 GMT 2001


The change to ulen and dlen definitely fixed up the extraneous characters at
the end of the domain/username part of the error message.  I'm still getting
the error though.

If I have _lsa_unk_get_connuser print out the domain name and user name that
are returned by get_valid_user_struct, as shown below:


  user_struct *vuser = get_valid_user_struct(p->vuid);
  
  if (vuser == NULL)
    return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
  
  fstrcpy(username, vuser->user.smb_name);
  DEBUG(0,("in _lsa_unk_get_connuser: username = %s\n", username));
  fstrcpy(domname, vuser->user.domain);
  DEBUG(0,("in _lsa_unk_get_connuser: domname = %s\n", domname));
 
I get "jt" for the username and "JTSNT" for the domain name.  These are
correct, and are not in the domain ("CEO").  Is this the global_myname vs.
global_myworkgroup : "JTSNT" vs. "CEO"?

If so.... I now need to find where it is mis-applying the global_myworkgroup
and global_myname...



On 27-Sep-2001 Manoj Naik wrote:
> Two things have to change. We have to identify whether the user is
> connected to the domain or not. In the former case, domname in
> _lsa_unk_get_connuser should be global_myworkgroup; in the latter, it
> should be global_myname. As far as I can tell, this can be only done
> when invoking register_vuid. Also, NT returns global_myname on
> _lsa_query_info for ROLE_STANDALONE. I am not quite sure why Samba is
> returning global_myworkgroup.
> 
> The extraneous characters at the end of username in the error message
> are showing up because ulen/dlen are set incorrectly in
> _lsa_unk_get_connuser. It should be:
>       ulen = strlen(username) + 1;
>       dlen = strlen(domname) + 1;
> 
> Hope that helps,
> Manoj.
>  
> jtrostel at snapserver.com wrote:
>> 
>> Using the patch you made, which is now in the official CVS, I can take
>> ownership correctly as a domain member.  I am still having problems taking
>> ownership if I am NOT a domain member though.
>> 
>> Somehow, I need to convince SAMBA to look for valid users and groups in the
>> local passwd/smbpasswd files if the lookup fails for DOMAIN users.  Do you
>> know where in the samba code I need to fiddle to make this a success?
>> Basically I need to know where/why I get
>> 
>> Unable to take ownership because the account "JTSNT\\jt|||..." could not be
>> accessed on the remote machine because of the following error: The account
>> could not be found
>> 
>> The machines are in a PDC controlled domain "CEO", although the calling NT
>> box is now in any domain (he is running in a workgroup "JTSNT").  I have
>> logged into the NT box as user "jt-ntonly" and then specify "jt" as the user
>> when accessing the SAMBA box.  The user "jt" is available ONLY as a
>> locally-defined user on the SAMBA box.  All other SAMBA functions seem to
>> function correctly and act like the local-SAMBA user "jt".
>> 
>> --
>> John M. Trostel
>> Senior Software Engineer
>> Quantum / SnapAppliances
>> jtrostel at snapserver.com

-- 
John M. Trostel
Senior Software Engineer
Quantum / SnapAppliances
jtrostel at snapserver.com
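
The ulen/dlen point in the quoted reply, as an added example that is not part of the thread or of Samba's source: a NUL-terminated name held in a fixed-size buffer is sent as a counted string, once with the length `strlen(username) + 1` and once with the whole buffer size. The buffer-size value is an assumed stand-in for the incorrect length (the thread does not show it), and `NAME_BUF`, `put_counted`, `bytes_after_nul`, `leaked_bytes` and the one-byte length prefix are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_BUF 16  /* hypothetical fixed-size name buffer */

/* Write `len` bytes of `src` behind a one-byte length prefix.
 * Returns the number of bytes written, or 0 if it does not fit. */
static size_t put_counted(unsigned char *wire, size_t cap,
                          const char *src, size_t len)
{
    if (len > 255 || len + 1 > cap)
        return 0;
    wire[0] = (unsigned char)len;
    memcpy(wire + 1, src, len);
    return len + 1;
}

/* A receiver that trusts the length prefix consumes every counted byte.
 * Returns how many of those bytes lie past the name's terminating NUL. */
static size_t bytes_after_nul(const unsigned char *wire)
{
    size_t len = wire[0];
    const unsigned char *nul = memchr(wire + 1, '\0', len);
    return nul ? len - (size_t)(nul - (wire + 1)) - 1 : 0;
}

/* Pack the constructed name "jt" and report the surplus bytes sent. */
static size_t leaked_bytes(int use_fix)
{
    unsigned char wire[64];
    char username[NAME_BUF];

    memset(username, '|', sizeof(username)); /* constructed stale contents */
    memcpy(username, "jt", 3);               /* copy leaves the tail untouched */

    /* use_fix: length as given in the reply; otherwise the assumed bad value */
    size_t ulen = use_fix ? strlen(username) + 1 : sizeof(username);
    if (put_counted(wire, sizeof(wire), username, ulen) == 0)
        return (size_t)-1;
    return bytes_after_nul(wire);
}

int main(void)
{
    printf("bytes past NUL, buffer-size length: %zu\n", leaked_bytes(0));
    printf("bytes past NUL, strlen + 1 length:  %zu\n", leaked_bytes(1));
    return 0;
}
```

Whatever was left in the buffer after the terminator goes to the client along with the name, so a length check of this kind is worth applying to any counted string built from a fixed-size buffer.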



