winbindd: msrpc vs. ads methods & domain trusts between ADS and NT4

Chere Zhou qzhou at
Wed Jun 4 19:29:36 GMT 2003

I have a 2 way trust between w2k domain and nt4 domain.  Join samba 3.0 into 
the w2k domain as a member.  It does not seem to work with nt4 users.

Looking at winbindd code, I found that all domain->methods point to the cache 
methods, the cache methods then point to either msrpc or ads methods 
depending on lp_security().  So if I set security=ads, msrpc methods are not 
even going to be used at all.   This structure will certainly not work with 
trusts between w2k and nt4 domains.

Is there an easy way to fix this?  I can't think of anything right now.  I 
think in order to make this work, we will need to figure out what type of 
domain this is when doing add_trusted_domains, and set the domain->methods to 
the correct msrpc or ads methods, instead of the cache methods right now.  
Then change the call into cache methods to call directly instead of 
domain->methods, and use domain->methods for the calls from the cache methods.

Where can I find more information about the current design, concern?  What 
might be a better solution to fix this?  Anybody working on this right now?


More information about the samba-technical mailing list