[PATCH] winbind: Fall back to msrpc for trusted_domains call
Jeremy Allison
jra at samba.org
Mon Oct 10 21:12:23 UTC 2016
On Fri, Oct 07, 2016 at 04:02:12PM -0700, Christof Schmitt wrote:
> From 7326d74677fde1903d5de489eeed3ecd1254daca Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Fri, 7 Oct 2016 15:39:00 -0700
> Subject: [PATCH] winbind: Fall back to msrpc for trusted_domains call
>
> The netlogon authentication requires a trust account that is not
> available for domain members in another domain. Use the msrpc method
> instead in this case.
>
> Signed-off-by: Christof Schmitt <cs at samba.org>
Christof,
I'm trying to figure out under what circumstances
we'd call this for our non-primary domain ?
The only way I can see this is from
rescan_forest_root_trusts() ->
add_trusted_domains() ->
wb_domain_request_send(WINBINDD_LIST_TRUSTDOM)
which causes the child to ask for a trusted domain
list.
Here be dragons, so I'm trying to understand why
we'd be doing this.. :-).
Cheers,
Jeremy.
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12368
> ---
> source3/winbindd/winbindd_ads.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
> index dc92a4a..0ad4056 100644
> --- a/source3/winbindd/winbindd_ads.c
> +++ b/source3/winbindd/winbindd_ads.c
> @@ -1556,6 +1556,16 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
>
> DEBUG(3,("ads: trusted_domains\n"));
>
> + if (!IS_DC && !domain->primary) {
> + /*
> + * The netlogon authentication below requires a trust
> + * account that is not available to domain members,
> + * fall back to the RPC methods call.
> + */
> + return msrpc_methods.trusted_domains(domain, mem_ctx, trusts);
> + }
> +
> +
> ZERO_STRUCTP(trusts);
>
> /* If this is our primary domain or a root in our forest,
> --
> 1.8.3.1
>
More information about the samba-technical
mailing list