Bug in LSA lookup names in 3.0.25b/c, bugzilla 4801

John P Janosik jpjanosi at us.ibm.com
Mon Aug 27 19:13:41 GMT 2007


We have a Samba domain that has a trust with a Windows active directory
domain.  After upgrading our Samba DCs from 3.0.20c to 3.0.25b we started
getting DB2 authentication errors for IDs in the samba domain.  These
authentication requests are made from a Windows member server in the
trusted Active Directory domain.  The cause is that the AD DC is making an
lsa lookup names 2 rpc to the Samba domain with the lookup level set to 3
for the ID being authenticated.  DB2 is not specifying the domain name of
the user so the AD DC also does not specify the domain in the lookup names
2 rpc.  I've temporarily worked around the issue by setting the flags in
the _lsa_lookup_names2 code to LOOKUP_NAME_ALL for both lookup level 1 and
3.  This seemed safe for the case of our Samba domain controllers but
seemed incorrect for domain member servers.  Can someone take a look at
fixing this properly for the next Samba release?


Thanks,

John Janosik
IBM Information Technology Delivery
Server Systems Operations
Rochester, MN
(507)253-6790 t/l: 553-6790
jpjanosi at us.ibm.com


