Unnecessary NetBIOS domain lookups - fix to ads_init

Ken Cross kcross at nssolutions.com
Tue Jan 14 10:26:00 GMT 2003


Here's the actual patch to fix the problem below (same patch for
SAMBA_3_0 and HEAD):

# cvs diff -r SAMBA_3_0 -pu ads_struct.c
Index: ads_struct.c
===================================================================
RCS file: /cvsroot/samba/source/libads/ads_struct.c,v
retrieving revision 1.13.2.3
diff -p -u -r1.13.2.3 ads_struct.c
--- ads_struct.c        1 Oct 2002 18:26:00 -0000       1.13.2.3
+++ ads_struct.c        14 Jan 2003 10:23:24 -0000
@@ -94,10 +94,10 @@ ADS_STRUCT *ads_init(const char *realm, 
 
        /* we need to know if this is a foreign realm to know if we can
           use lp_ads_server() */
-       if (realm && strcasecmp(lp_realm(), realm) != 0) {
+       if (realm && *realm && strcasecmp(lp_realm(), realm) != 0) {
                ads->server.foreign = 1;
        }
-       if (workgroup && strcasecmp(lp_workgroup(), workgroup) != 0) {
+       if (workgroup && *workgroup && strcasecmp(lp_workgroup(),
workgroup) != 0) {
                ads->server.foreign = 1;
        }


Ken


-----Original Message-----
From: samba-technical-admin at lists.samba.org
[mailto:samba-technical-admin at lists.samba.org] On Behalf Of Ken Cross
Sent: Saturday, January 11, 2003 1:44 PM
To: samba-technical at samba.org
Subject: Unnecessary NetBIOS domain lookups - fix to ads_init


I've been testing joining a remote AD (using LDAP) in SAMBA_3_0 and
found that winbindd kept trying unsuccessfully to use NetBIOS to find
the domain.

At startup, add_trusted_domain worked fine -- found the DC and got the
information it needed to connect.

The problem was in init_domain_list.  It got stuck in the loop looking
for the domain SID.  After much digging, it turns out that the real
problem was in ads_init in libads/ads_struct.c.  ads_init has the
following tests:

  /* we need to know if this is a foreign realm to know if we can
     use lp_ads_server() */
  if (realm && strcasecmp(lp_realm(), realm) != 0) {
          ads->server.foreign = 1;
  }
  if (workgroup && strcasecmp(lp_workgroup(), workgroup) != 0) {
          ads->server.foreign = 1;
  }

If those tests set ads->server.foreign to 1, then it will use NetBIOS to
try to find the domain.  But there are places in the code where realm
and/or workgroup are not null, but are empty strings.  In this case, I
don't think the test should succeed.  I changed ads_init to the
following:


  if (realm && *realm && strcasecmp(lp_realm(), realm) != 0) {
          ads->server.foreign = 1;
  }
  if (workgroup && *workgroup && strcasecmp(lp_workgroup(), workgroup)
!= 0) {
          ads->server.foreign = 1;
  }

The change adds a test for empty strings.  It works correctly now,
finding the LDAP server without NetBIOS.

FWIW, the relevant section of smb.conf is:

  [global]
  workgroup=DOMAINTRI
  security=ads
  realm=DOMAINTRI.NSSOLUTIONS.COM
  ads server=10.0.2.113

Hope others find this useful.

Ken Cross
Network Storage Solutions




More information about the samba-technical mailing list