[PR PATCH] [Updated] samba-tool domain trust: fix trust compatibility to Windows Server 1709 and FreeIPA

Alexander Bokovoy ab at samba.org
Thu Mar 1 08:14:12 UTC 2018 

On to, 01 maalis 2018, Alexander Bokovoy via samba-technical wrote:
> On to, 01 maalis 2018, Stefan Metzmacher via samba-technical wrote:
> > Hi Alexander,
> > 
> > >> As we only use remote_netlogon_info.dc_unc can we
> > >> add get_netlogon_dc_unc() that falls back to netr_GetDcName()
> > >> against the remote dc.
> > >>
> > >> That would also help if we try to implement trusts against
> > >> an NT4 style domain.
> > > Makes sense. Updated patches attached.
> > 
> > Thanks much better:-)!
> > Is that tested against FreeIPA?
> Not yet, in my plans for today as I'm trying to figure out what else we
> are missing in TDO salt principals.
While there are other issues I'm currently tracking, the fallback seems
to work just fine against FreeIPA:

log.smbd.lsasd.1-[2018/03/01 10:07:54.360777,  4, pid=6449, effective(1875400000, 1875400000), real(1875400000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1507(api_rpcTNP)
log.smbd.lsasd.1:  api_rpcTNP: netlogon op 0x22 - api_rpcTNP: rpc command: NETR_DSRGETDCNAMEEX2
--
log.smbd.lsasd.1-[2018/03/01 10:07:54.360814,  1, pid=6449, effective(1875400000, 1875400000), real(1875400000, 0)] ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
log.smbd.lsasd.1:       netr_DsRGetDCNameEx2: struct netr_DsRGetDCNameEx2
log.smbd.lsasd.1:          in: struct netr_DsRGetDCNameEx2
--
log.smbd.lsasd.1-[2018/03/01 10:07:54.360938,  4, pid=6449, effective(1875400000, 1875400000), real(1875400000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1558(api_rpcTNP)
log.smbd.lsasd.1:  api_rpcTNP: fault(469827586) return.
--
log.smbd.lsasd.1-[2018/03/01 10:07:54.364164,  4, pid=6449, effective(1875400000, 1875400000), real(1875400000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1507(api_rpcTNP)
log.smbd.lsasd.1:  api_rpcTNP: netlogon op 0xb - api_rpcTNP: rpc command: NETR_GETDCNAME
--
log.smbd.lsasd.1-[2018/03/01 10:07:54.364191,  1, pid=6449, effective(1875400000, 1875400000), real(1875400000, 0)] ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
log.smbd.lsasd.1:       netr_GetDcName: struct netr_GetDcName
log.smbd.lsasd.1:          in: struct netr_GetDcName
--
log.smbd.lsasd.1-[2018/03/01 10:07:54.367088,  1, pid=6449, effective(1875400000, 1875400000), real(1875400000, 0)] ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
log.smbd.lsasd.1:       netr_GetDcName: struct netr_GetDcName
log.smbd.lsasd.1:          out: struct netr_GetDcName

-- 
/ Alexander Bokovoy

More information about the samba-technical mailing list