patch to fix "net -P" in non-ADS environments

Volker Lendecke Volker.Lendecke at SerNet.DE
Sun Mar 12 15:49:07 GMT 2006


Hi, Ronan!

On Fri, Mar 10, 2006 at 10:11:26AM +0000, Ronan Waide wrote:
> Logged as bug 3589 (https://bugzilla.samba.org/show_bug.cgi?id=3589);
> this patch enables net -P to work in non-ADS environments by checking
> if we're in an ADS environment before building a machine$@realm
> username.

Thanks. Some comments regarding the patch.

First, it was garbled with newlines although you sent it as
attachments. Second, the second asprint did have too many
parameters. But those are minor issues :-)

On the patch as such: I think this is not as easy, I tried
some variants of this. Generating the username differs from
whether we log in using ntlm or Kerberos, this is not a
function of being in ADS or not. So when I apply this patch
as it stands I fear that this breaks more than it fixes. For
example, in 'security=domain' mode in an AD domain the
ldap_sasl_bind in the call to net_ads_check tries to get a
ticket for "vlendec" which is my current user id. This
apparently is wrong.

So I'd like to leave the code as it is for now until a
proper fix is around. Maybe this is just another push
towards porting gensec from Samba4 :-)

Volker