net ads search on trusted domain failed due to missing realm param.

Nimrod Sapir NIMRODS at il.ibm.com
Wed Jan 9 08:31:55 MST 2013


Hi

I've been experimenting with the "net ads search" command, and noticed a weird 
behavior when trying to run searches on the non-default domain. 

Let's assume I have two domains, mydomain.com and mydomain2.com, with a 
trust relation between them. Now, I've joined my Samba server (3.6.10) as 
a client to the first one. Therefore, the smb.conf will contain:

realm = mydomain.com
workgroup = MYDOMAIN

Now, if I run:

net ads search objectClass=user

I get all the users from mydomain.com domain. Now, when I try to run the 
command for mydomain2 domain:

net ads search -w MYDOMAIN2 objectClass=user 

I get the following error:
"ads_find_dc: no realm or workgroup!  Don't know what to do"

Looking at the code, it seems that the ads_find_dc function assumes that 
if it does not have any workgroup or realm, it should use the default one. 
But if only one is missing (in that case, the realm) it returns an error. 
However, there is no parameter I can use to define the realm for the 
request. I found a workaround for this issue, by creating a new conf file, 
/tmp/conf_domain2, containing the realm and workgroup:

[global]
realm = mydomain2.com
workgroup = MYDOMAIN2

and running "net ads search -s /tmp/conf_domain2 objectClass=user". But 
this is extremely counter-intuitive. Do you think the above is something 
that should be fixed (probably by adding a realm param to the net 
command)? Is there an easier way of running an LDAP search on a trusted 
domain?

Thanks
Nimrod Sapir
IBM - XIV, Israel
NAS Development Team
Office: +972-3-689-7763
Cell:   +972-54-7726-320
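
The workaround described in the message above, wrapped as a shell helper (an added example, not part of the original post and not Samba code). The function names are hypothetical; it writes the per-domain config with mktemp rather than a fixed /tmp path and validates the realm and workgroup so they cannot inject extra smb.conf lines.

```shell
#!/bin/sh
# Added example: build a throwaway smb.conf for a trusted domain and pass it
# to "net ads search -s", as in the workaround from the message.

# Allow only letters, digits, dot and hyphen (an assumption that is stricter
# than what NetBIOS permits), so newlines or "[section]" text are rejected.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# make_trusted_conf REALM WORKGROUP  -> prints the path of the new config file
make_trusted_conf() {
    valid_name "$1" || { echo "bad realm: $1" >&2; return 1; }
    valid_name "$2" || { echo "bad workgroup: $2" >&2; return 1; }
    # mktemp creates the file atomically, mode 0600, with an unpredictable
    # name, which avoids pre-created or symlinked files in a shared /tmp.
    conf=$(mktemp "${TMPDIR:-/tmp}/smb-trusted.XXXXXX") || return 1
    printf '[global]\nrealm = %s\nworkgroup = %s\n' "$1" "$2" > "$conf"
    echo "$conf"
}

# ads_search_trusted REALM WORKGROUP FILTER [ATTRS...]
ads_search_trusted() {
    [ "$#" -ge 3 ] || { echo "usage: ads_search_trusted REALM WORKGROUP FILTER" >&2; return 2; }
    realm=$1
    wg=$2
    shift 2
    conf=$(make_trusted_conf "$realm" "$wg") || return 1
    net ads search -s "$conf" "$@"
    rc=$?
    rm -f "$conf"          # remove the temporary config whatever net returned
    return "$rc"
}
```

Example call: ads_search_trusted mydomain2.com MYDOMAIN2 objectClass=user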