winbindd: msrpc vs. ads methods & domain trusts between ADS and NT4

Andrew Bartlett abartlet at samba.org
Wed Jun 4 23:33:29 GMT 2003 

On Thu, 2003-06-05 at 05:29, Chere Zhou wrote:
> I have a 2 way trust between w2k domain and nt4 domain.  Join samba 3.0 into 
> the w2k domain as a member.  It does not seem to work with nt4 users.
> 
> Looking at winbindd code, I found that all domain->methods point to the cache 
> methods, the cache methods then point to either msrpc or ads methods 
> depending on lp_security().  So if I set security=ads, msrpc methods are not 
> even going to be used at all.   This structure will certainly not work with 
> trusts between w2k and nt4 domains.

You missed the magic bit in the ADS code, that apon failure to connect,
drops back to RPC.

> Is there an easy way to fix this?  I can't think of anything right now.  I 
> think in order to make this work, we will need to figure out what type of 
> domain this is when doing add_trusted_domains, and set the domain->methods to 
> the correct msrpc or ads methods, instead of the cache methods right now.  
> Then change the call into cache methods to call directly instead of 
> domain->methods, and use domain->methods for the calls from the cache methods.
> 
> Where can I find more information about the current design, concern?  What 
> might be a better solution to fix this?  Anybody working on this right now?

What's the actual bug you are seeing?

For my mind, I think we should not have the switch to ADS/RPC at all,
and should always try ADS...

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030604/2e4c5fd6/attachment.bin

More information about the samba-technical mailing list