Bug in LSA lookup names in 3.0.25b/c, bugzilla 4801
Jeremy Allison
jra at samba.org
Mon Aug 27 19:20:16 GMT 2007
On Mon, Aug 27, 2007 at 02:13:41PM -0500, John P Janosik wrote:
>
> We have a Samba domain that has a trust with a Windows active directory
> domain. After upgrading our Samba DCs from 3.0.20c to 3.0.25b we started
> getting DB2 authentication errors for IDs in the samba domain. These
> authentications requests are made from a Windows member server in the
> trusted Active Directory domain. The cause is that the AD DC is making an
> lsa lookup names 2 rpc to the Samba domain with the lookup level set to 3
> for the ID being authenticated. DB2 is not specifying the domain name of
> the user so the AD DC also does not specify the domain in the lookup names
> 2 rpc. I've temporarily worked around the issue by setting the flags in
> the _lsa_lookup_names2 code to LOOKUP_NAME_ALL for both lookup level 1 and
> 3. This seemed safe for the case of our Samba domain controllers but
> seemed incorrect for domain member servers. Can someone take a look at
> fixing this properly for the next Samba release?
John, do we have a bugzilla on this ? If so can you mark is as a
blocker and we'll try and ensure we nail it.
Thanks,
Jeremy.
More information about the samba-technical
mailing list