[PATCH] Fix 'smbpasswd' as local user in domain member case

Andrew Bartlett abartlet at samba.org
Tue Aug 22 10:33:39 UTC 2017 

On Tue, 2017-08-22 at 08:22 +0200, Andreas Schneider wrote:
> On Monday, 21 August 2017 21:21:27 CEST Andrew Bartlett wrote:
> > On Mon, 2017-08-21 at 16:11 +0200, Andreas Schneider wrote:
> > > On Friday, 18 August 2017 21:20:21 CEST Andrew Bartlett wrote:
> > > > On Fri, 2017-08-18 at 16:39 +0200, Andreas Schneider via samba-
> > > > 
> > > > technical wrote:
> > > > > Hi,
> > > > > 
> > > > > the attached patch fixes calling 'smbpasswd' as a local user if the
> > > > > machine is a domain member.
> > > > > 
> > > > > Before we authenticated with the workgroup as the domain name, so we
> > > > > contacted winbind instead of our SAM.
> > > > > 
> > > > > 
> > > > > Review and push apprecaited!
> > > > 
> > > > The patch looks good, but can we get a test so we don't regress on this
> > > > again?
> > > 
> > > It took me quite a few hours to develop the test for this, but thanks to
> > > the new uid_wrapper features, we can do such things now :-)
> > 
> > Nice!
> > 
> > I had expected you would just use the -r option, but this certainly
> > tests the entire problem!
> > 
> > Does it still work correctly on a DC, given you force the domain to the
> > netbios name?  I'm assuming so, I think you can log in with the netbios
> > name to domain account, but can we just run the test additionally in
> > nt4_dc to be sure (reworking the test to run on the AD DC is more work
> > than I want to ask).
> 
> See attached.

I'm not convinced this is in the right spot.  Doesn't theĀ 

domain = lp_netbios_name()

bit need to be in the 

if (remote_machine == NULL) {

chunk?  

Otherwise don't we end up in the same muddle forĀ 

smbpasswd -r $OTHERHOST?

And in that case, what should domain be set to?  Presumably
remote_machine, and if an IP is used, just leave it broken?

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list