[PATCH] Allow GetDCNameEx to be called for arbitrary sites and trusted domains
metze at samba.org
Wed Apr 11 12:17:17 UTC 2018
> Using Volker's patches, the "No nmbd found" disappears, but the site
> aware location is wrong (meaning the RPC call must fail in these cases).
> It seems that the underlying dsgetdcname call does not respect the site
> name parameter in winbind when using NETBIOS names. I've also noticed
> that although I test the winbind forwarding and having different
> domains, it doesn't actually test being in a different site (partly
> because we don't have any DCs like that in selftest currently). With my
> full patchset, making the query using a trust NETBIOS domain name AND a
> specified site may fail if there is more than one site (or it
> arbitrarily picks a DC whose site differs). Compared with the original
> behaviour at least, that's significantly better, and all the DNS domains
> should work as well as the single domain case with NETBIOS (where it's
> currently remedied at the RPC layer).
> To fix the trusted domain case, either dsgetdcname needs to use the
> response from discover_dc_netbios to retry the query with the DNS realm
> (this is on top of Volker's patches). Or it needs to do some other
> mapping using information winbind might know. I've got a number of other
> projects that I need to be working on, so I can't really look into this
> further. I would really like to push this current patchset for now
> (assuming you don't have any further objections), so as to fix most of
> the cases just by implementing the forwarding behaviour, and hopefully
> there's enough info that I've gathered to go on to fix the edge cases
> around trusted domains (and presumably undo the RPC layer NETBIOS fix I
sorry for the delay. I hope to have another look at this tomorrow
and will push (at least some of the patches).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the samba-technical