Unnecessary NetBIOS domain lookups - fix to ads_init
Ken Cross
kcross at nssolutions.com
Tue Jan 14 10:26:00 GMT 2003
Here's the actual patch to fix the problem below (same patch for
SAMBA_3_0 and HEAD):
# cvs diff -r SAMBA_3_0 -pu ads_struct.c
Index: ads_struct.c
===================================================================
RCS file: /cvsroot/samba/source/libads/ads_struct.c,v
retrieving revision 1.13.2.3
diff -p -u -r1.13.2.3 ads_struct.c
--- ads_struct.c 1 Oct 2002 18:26:00 -0000 1.13.2.3
+++ ads_struct.c 14 Jan 2003 10:23:24 -0000
@@ -94,10 +94,10 @@ ADS_STRUCT *ads_init(const char *realm,
/* we need to know if this is a foreign realm to know if we can
use lp_ads_server() */
- if (realm && strcasecmp(lp_realm(), realm) != 0) {
+ if (realm && *realm && strcasecmp(lp_realm(), realm) != 0) {
ads->server.foreign = 1;
}
- if (workgroup && strcasecmp(lp_workgroup(), workgroup) != 0) {
+ if (workgroup && *workgroup && strcasecmp(lp_workgroup(),
workgroup) != 0) {
ads->server.foreign = 1;
}
Ken
-----Original Message-----
From: samba-technical-admin at lists.samba.org
[mailto:samba-technical-admin at lists.samba.org] On Behalf Of Ken Cross
Sent: Saturday, January 11, 2003 1:44 PM
To: samba-technical at samba.org
Subject: Unnecessary NetBIOS domain lookups - fix to ads_init
I've been testing joining a remote AD (using LDAP) in SAMBA_3_0 and
found that winbindd kept trying unsuccessfully to use NetBIOS to find
the domain.
At startup, add_trusted_domain worked fine -- found the DC and got the
information it needed to connect.
The problem was in init_domain_list. It got stuck in the loop looking
for the domain SID. After much digging, it turns out that the real
problem was in ads_init in libads/ads_struct.c. ads_init has the
following tests:
/* we need to know if this is a foreign realm to know if we can
use lp_ads_server() */
if (realm && strcasecmp(lp_realm(), realm) != 0) {
ads->server.foreign = 1;
}
if (workgroup && strcasecmp(lp_workgroup(), workgroup) != 0) {
ads->server.foreign = 1;
}
If those tests set ads->server.foreign to 1, then it will use NetBIOS to
try to find the domain. But there are places in the code where realm
and/or workgroup are not null, but are empty strings. In this case, I
don't think the test should succeed. I changed ads_init to the
following:
if (realm && *realm && strcasecmp(lp_realm(), realm) != 0) {
ads->server.foreign = 1;
}
if (workgroup && *workgroup && strcasecmp(lp_workgroup(), workgroup)
!= 0) {
ads->server.foreign = 1;
}
The change adds a test for empty strings. It works correctly now,
finding the LDAP server without NetBIOS.
FWIW, the relevant section of smb.conf is:
[global]
workgroup=DOMAINTRI
security=ads
realm=DOMAINTRI.NSSOLUTIONS.COM
ads server=10.0.2.113
Hope others find this useful.
Ken Cross
Network Storage Solutions
More information about the samba-technical
mailing list