Unnecessary NetBIOS domain lookups - fix to ads_init
Ken Cross
kcross at nssolutions.com
Sat Jan 11 18:44:00 GMT 2003
I've been testing joining a remote AD (using LDAP) in SAMBA_3_0 and
found that winbindd kept trying unsuccessfully to use NetBIOS to find
the domain.
At startup, add_trusted_domain worked fine -- found the DC and got the
information it needed to connect.
The problem was in init_domain_list. It got stuck in the loop looking
for the domain SID. After much digging, it turns out that the real
problem was in ads_init in libads/ads_struct.c. ads_init has the
following tests:
/* we need to know if this is a foreign realm to know if we can
use lp_ads_server() */
if (realm && strcasecmp(lp_realm(), realm) != 0) {
ads->server.foreign = 1;
}
if (workgroup && strcasecmp(lp_workgroup(), workgroup) != 0) {
ads->server.foreign = 1;
}
If those tests set ads->server.foreign to 1, then it will use NetBIOS to
try to find the domain. But there are places in the code where realm
and/or workgroup are not null, but are empty strings. In this case, I
don't think the test should succeed. I changed ads_init to the
following:
if (realm && *realm && strcasecmp(lp_realm(), realm) != 0) {
ads->server.foreign = 1;
}
if (workgroup && *workgroup && strcasecmp(lp_workgroup(), workgroup)
!= 0) {
ads->server.foreign = 1;
}
The change adds a test for empty strings. It works correctly now,
finding the LDAP server without NetBIOS.
FWIW, the relevant section of smb.conf is:
[global]
workgroup=DOMAINTRI
security=ads
realm=DOMAINTRI.NSSOLUTIONS.COM
ads server=10.0.2.113
Hope others find this useful.
Ken Cross
Network Storage Solutions
More information about the samba-technical
mailing list