Starting to look like Active Directory...
abartlet at samba.org
Sun May 4 03:42:04 GMT 2003
Over the past few months, Samba 3.0 has started to look very much like
Active Directory to Win2k clients.
This has occurred so much so, that clients actively look our netbios
name up in DNS, for example (resulting in even more additional silly load
on global root servers).
However, the problem I've noticed particularly is in getting a Win2k
domain to 'trust' us - as in the 'trusted domains' sense of the word.
To do this, Win2k needs to join our domain, with a machine trust
account. This is something that I've had in production with NT4 for
quite a while now, and it is something that we need to have working for
Samba 3.0 w/ Win2k.
The problem is this: The win2k server makes a call to:
(from jmcd's CVS commit message)
> Add LSA RPC 0x2E, lsa_query_info2. Only level implemented is 0x0c,
> which is netbios and dns domain info. Also add code to set/fetch the
> domain GUID from secrets.tdb (although set is not yet called by
This is all well and good, but the original implementation used
'lp_realm()' to get the DNS name, which caused 'invalid parameter' errors
on the win2k client. Now we return the real DNS domain name, but our
clients (and the domain I'm trying to get us to trust) now really think
we are AD, and start to look up the magic names under our DNS domain
Having not found these names, the potentially trusting domain bombs
Where should we go from here? Start disabling things, until it breaks
back into NT4 - but what do we lose by doing that? Start providing an
example DNS zone file?
I would appreciate some thoughts on this matter.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net