More forest trust related patches

Stefan (metze) Metzmacher metze at samba.org
Wed Jul 8 12:23:34 CEST 2015


On 08.07.2015 at 10:17, Alexander Bokovoy wrote:
> On Wed, Jul 08, 2015 at 07:35:33AM +0200, Stefan (metze) Metzmacher wrote:
>> On 08.07.2015 at 03:16, Andrew Bartlett wrote:
>>> On Thu, 2015-07-02 at 14:58 +0200, Stefan (metze) Metzmacher wrote:
>>>> On 01.07.2015 at 23:18, Stefan (metze) Metzmacher wrote:
>>>>> On 01.07.2015 at 18:06, Stefan (metze) Metzmacher wrote:
>>>>>> Hi Andrew,
>>>>>>
>>>>>>>>> can you have a look at my current master4-forest-ok branch?
>>>>>>>>>
>>>>>>>>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-forest-ok
>>>>>>
>>>>>> I've uploaded updated patches.
>>>>>
>>>>> The commit message of
>>>>> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=f56effe2aae08c89858dc5f1cf1f44b1e20ada5d
>>>>>
>>>>> needs to be fixed: dsdb_trust_routing_tln() is now
>>>>> dsdb_trust_routing_by_name()...
>>>>
>>>> Fixed in the current master4-forest-ok branch.
>>>
>>> I've reviewed these and they are in autobuild now!
>>
>> Thanks!
>>
>>> One last thing to look at is fixing our SamLogon server in
>>> dcesrv_netr_LogonSamLogon_base not to set unilaterally:
>>>
>>> 	*r->out.authoritative = 1;
>>>
>>> It needs to only be set if we were the trusted domain.  Sadly this
>>> issue will make fixing the trusted domain vs unknown name handling in
>>> our file server harder :-(
>>
>> There's even much more required on the netlogon/lsa/drsuapi front.
>>
>> And all the sid-filtering rules are missing as well as having
>> identities from other domains as member of (universal?) groups.
>>
>> But I think it's good to have the basics available in 4.3,
>> I'll write a WHATSNEW section explaining what should work and what not.
> There is also an issue with the content of TDO objects we create when
> trust is established. Microsoft's protocol test suite complains they are
> not valid. I don't have many details yet as my Samba AD VM which was
> used for testing at IO Lab is somewhere travelling on a USB drive I
> forgot at the lab.

That might already be fixed with
https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=816d1527c0b8bbde1d206159f5f7fef6683b02f1

But it would be good to get the detailed test results.

metze


More information about the samba-technical mailing list