Joining domains specifying auth realm

Ken Cross kcross at nssolutions.com
Tue Mar 11 15:06:01 GMT 2003


Here's a patch for net_ads.c that will allow the realm to be specified
with -U, such as:

  net ads join -U username@realm.name%password

This is for SAMBA_3_0 -- I presume it's very similar for HEAD.

I noticed that net is getting this message:

  net in free(): warning: chunk is already free.

It gets it with or without my patch, so something's being
doubly-deallocated.

Enjoy!

Ken
________________________________

Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com 

> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org] 
> Sent: Thursday, March 06, 2003 3:38 PM
> To: Ken Cross
> Cc: 'Multiple recipients of list SAMBA-TECHNICAL'
> Subject: Re: Joining domains specifying auth realm
> 
> 
> On Fri, 2003-03-07 at 03:44, Ken Cross wrote:
> > Samba-folk:
> > 
> > I've run into a problem that I'd like to throw open for a general 
> > solution.
> > 
> > The problem is joining an Active Directory, say AD1.COMPANY.COM, but
> > specifying a different authentication realm for the username/password,
> > say AD2.COMPANY.COM.  For instance, this currently fails:
> > 
> >  net ads join AD1 -U username%password
> > 
> > No matter what is specified on the command line or smb.conf (that I've
> > found), it always tries to authenticate using
> > "username@AD1.COMPANY.COM".
> > 
> > How should we allow an alternate authentication domain to be specified?
> > Maybe:
> > 
> >  net ads join AD1 -U username@AD2.COMPANY.COM%password
> > 
> > or
> > 
> >  net ads join AD1 -A AD2.COMPANY.COM -U username%password
> > 
> > Or have I missed something fundamental?
> 
> If you kinit first, it should 'just work', but if you want to 
> add the code so that we can login with -U 
> username@AD2.COMPANY.COM%password then this would be much 
> appreciated!  (To make it easy, just do it for kerberos logins)
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net
> 
-------------- next part --------------
Index: net_ads.c
===================================================================
RCS file: /cvsroot/samba/source/utils/net_ads.c,v
retrieving revision 1.37.2.12
diff -p -u -r1.37.2.12 net_ads.c
--- net_ads.c	24 Feb 2003 03:06:45 -0000	1.37.2.12
+++ net_ads.c	11 Mar 2003 14:56:28 -0000
@@ -122,6 +122,7 @@ static ADS_STRUCT *ads_startup(void)
 	ADS_STATUS status;
 	BOOL need_password = False;
 	BOOL second_time = False;
+	char *cp;
 	
 	ads = ads_init(NULL, NULL, opt_host);
 
@@ -147,6 +148,16 @@ retry:
 
 	ads->auth.user_name = strdup(opt_user_name);
 
+	/*
+	 * If the username is of the form "name at realm", 
+	 * extract the realm and convert to upper case.
+	 */
+	if (cp = strchr(ads->auth.user_name, '@')) {
+		*cp++ = '\0';
+		ads->auth.realm = strdup(cp);
+		strupper(ads->auth.realm);
+	}
+
 	status = ads_connect(ads);
 	if (!ADS_ERR_OK(status)) {
 		if (!need_password && !second_time) {
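
Review bot: the realm split at `if (cp = strchr(ads->auth.user_name, '@'))` uses two allocation results without checking them. `ads->auth.user_name` comes straight from `strdup(opt_user_name)` and is passed to `strchr` with no NULL test, and the `strdup(cp)` result is handed to `strupper` the same way; test both and fail cleanly on allocation failure. The block sits under the `retry:` label, so if control returns here any value already held in `ads->auth.realm` is overwritten without being freed; free it before assigning. An input such as `user@` produces an empty realm string, which is better rejected with a clear error than passed on to `ads_connect`. Style: write the condition as `if ((cp = strchr(...)) != NULL)` so the assignment is visibly intentional and does not trigger compiler warnings.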

