More forest trust related patches
Andrew Bartlett
abartlet at samba.org
Tue Feb 10 02:05:18 MST 2015
On Tue, 2015-02-10 at 09:41 +0100, Stefan (metze) Metzmacher wrote:
> Hi,
>
> there're some more patches ready in my master4-forest-ok branch.
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-forest-ok
>
> Please review and push:-)
>
> Thanks!
> metze
In
https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=17cfcc3b65d19c1b683d3beec84f1ec159e1bea6
why do we have:
ok = samdb_is_pdc(state->ldb);
+ if (!ok) {
+ DEBUG(2, ("Password changes for domain %s are only
allowed on a PDC.\n",
+ domain));
+ TALLOC_FREE(tmp_ctx);
+ ldb_transaction_cancel(state->ldb);
+ return false;
+ }
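Review bot: the `if (!ok)` branch carries no comment explaining why password changes for the domain are refused when `samdb_is_pdc()` is false, and the refusal surfaces only as a `DEBUG(2, ...)` line plus a bare `return false`, so a caller cannot tell this policy decision apart from any other failure. A short comment above the check stating the reason for the PDC-only rule would help, and if the surrounding function can report more than a bool, a distinct error for this case would too. The return value of `ldb_transaction_cancel(state->ldb)` is also dropped in this branch; it is worth at least logging when the cancel itself fails.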
Also, I would really like some tests along the lines of what I just did
in krb5.kdc to:
- set a trust password (both ascii and binary) over LSA
- connect as that trust over NETLOGON
- get a ticket to that trust from the KDC
- process that ticket and verify that we can decrypt it.
That would give us the certainty that we are getting this UTF16-MUNGED
stuff and other KDC parts right.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba