patch to make winbindd use schannel if possible

tridge at tridge at
Mon Feb 2 06:25:42 GMT 2004

Andrew and Jerry,

This patch solves the '100 user' problem I told you about
recently. Could you take a look and see if you can spot any potential
problems with it? I'd like to commit it for the upcoming release but
would prefer you to take a look first.


win2003 seems to only allow the enumeration of a maximum of 100 users
on anonymous RPC connections. This is almost certainly a windows bug,
but we need some way to work around it. The symptoms are that w2k3
returns at most 100 users in an initial display info search, and gives
NT_STATUS_OK. All searches starting at an index of greater than 0
return no users and NT_STATUS_OK. If you use an authenticated
connection then the problem goes away.

This patch makes winbindd use a schannel signed (but not sealed)
connection whenever possible. I've found that win2003 correctly
answers user enumeration queries with this change. If the schannel
setup fails then winbindd continues without schannel, which should
allow existing broken setups (users that are using winbindd without a
domain join) to continue limping along.	

Cheers, Tridge

-------------- next part --------------
A non-text attachment was scrubbed...
Name: winbind_schannel.patch
Type: application/octet-stream
Size: 1593 bytes
Desc: make winbindd use schannel
Url :

More information about the samba-technical mailing list