Bug in LSA lookup names in 3.0.25b/c, bugzilla 4801
Luke Howard
lukeh at padl.com
Tue Aug 28 14:54:06 GMT 2007
Jerry,
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Luke
> ,
>
>> "The transitivity of forest trusts is limited to the two forest
>> partners; the forest trust does not extend to additional forests trusted
>> by either of the partners."
>>
>> That was what I meant above :-)
>>
>
> Sorry. I misunderstood. Yes. That is my understanding
> and experience as well.
>
So I'm speculating (unfortunately I don't have the test environment to
verify) that if Windows uses level 6 across a cross-forest trust, it's
not expecting results from outside the remote global catalog.
Consider:
A <-XFT-> B <-ET-> C
where A, B, C are all Windows 2003 domains but XFT is a cross-forest
trust and ET is an external trust (although for the sake of this example
it could be another cross-forest trust, or C could be a Windows 2000
domain).
If you do LsaLookupNames(Name=Administrator at B, Level=1) on A, it will
transit to LsaLookupNames(Name=Administrator at B, Level=6) on B.
Presumably it should not search C because of the definition of a
cross-forest trust.
But again, pure speculation on my part. :-)
-- Luke
--
www.padl.com | www.lukehoward.com
More information about the samba-technical
mailing list