winbindd: msrpc vs. ads methods & domain trusts between ADS and NT4

Andrew Bartlett abartlet at
Wed Jun 4 23:33:29 GMT 2003

On Thu, 2003-06-05 at 05:29, Chere Zhou wrote:
> I have a 2 way trust between w2k domain and nt4 domain.  Join samba 3.0 into 
> the w2k domain as a member.  It does not seem to work with nt4 users.
> Looking at winbindd code, I found that all domain->methods point to the cache 
> methods, the cache methods then point to either msrpc or ads methods 
> depending on lp_security().  So if I set security=ads, msrpc methods are not 
> even going to be used at all.   This structure will certainly not work with 
> trusts between w2k and nt4 domains.

You missed the magic bit in the ADS code, that apon failure to connect,
drops back to RPC.

> Is there an easy way to fix this?  I can't think of anything right now.  I 
> think in order to make this work, we will need to figure out what type of 
> domain this is when doing add_trusted_domains, and set the domain->methods to 
> the correct msrpc or ads methods, instead of the cache methods right now.  
> Then change the call into cache methods to call directly instead of 
> domain->methods, and use domain->methods for the calls from the cache methods.
> Where can I find more information about the current design, concern?  What 
> might be a better solution to fix this?  Anybody working on this right now?

What's the actual bug you are seeing?

For my mind, I think we should not have the switch to ADS/RPC at all,
and should always try ADS...

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list