winbindd: msrpc vs. ads methods & domain trusts between ADS and
NT4
Andrew Bartlett
abartlet at samba.org
Wed Jun 4 23:33:29 GMT 2003
On Thu, 2003-06-05 at 05:29, Chere Zhou wrote:
> I have a 2 way trust between w2k domain and nt4 domain. Join samba 3.0 into
> the w2k domain as a member. It does not seem to work with nt4 users.
>
> Looking at winbindd code, I found that all domain->methods point to the cache
> methods, the cache methods then point to either msrpc or ads methods
> depending on lp_security(). So if I set security=ads, msrpc methods are not
> even going to be used at all. This structure will certainly not work with
> trusts between w2k and nt4 domains.
You missed the magic bit in the ADS code, that apon failure to connect,
drops back to RPC.
> Is there an easy way to fix this? I can't think of anything right now. I
> think in order to make this work, we will need to figure out what type of
> domain this is when doing add_trusted_domains, and set the domain->methods to
> the correct msrpc or ads methods, instead of the cache methods right now.
> Then change the call into cache methods to call directly instead of
> domain->methods, and use domain->methods for the calls from the cache methods.
>
> Where can I find more information about the current design, concern? What
> might be a better solution to fix this? Anybody working on this right now?
What's the actual bug you are seeing?
For my mind, I think we should not have the switch to ADS/RPC at all,
and should always try ADS...
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030604/2e4c5fd6/attachment.bin
More information about the samba-technical
mailing list