More forest trust related patches

[Alexander Bokovoy]

On Wed, Jul 08, 2015 at 07:35:33AM +0200, Stefan (metze) Metzmacher wrote:
> Am 08.07.2015 um 03:16 schrieb Andrew Bartlett:
> > On Thu, 2015-07-02 at 14:58 +0200, Stefan (metze) Metzmacher wrote:
> >> Am 01.07.2015 um 23:18 schrieb Stefan (metze) Metzmacher:
> >>> Am 01.07.2015 um 18:06 schrieb Stefan (metze) Metzmacher:
> >>>> Hi Andrew,
> >>>>
> >>>>>>> can you have a look at my current master4-forest-ok branch?
> >>>>>>>
> >>>>>>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=r
> >>>>>>> efs/heads/master4-forest-ok
> >>>>
> >>>> I've uploaded updated patches.
> >>>
> >>> The commit message of
> >>> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=f56effe
> >>> 2aae08c89858dc5f1cf1f44b1e20ada5d
> >>>
> >>> Needs to be fixed dsdb_trust_routing_tln() is now
> >>> dsdb_trust_routing_by_name()...
> >>
> >> Fixed in the current master4-forest-ok branch.
> > 
> > I've reviewed these and they are in autobuild now!
> 
> Thanks!
> 
> > One last thing to look at is fixing our SamLogon server in
> > dcesrv_netr_LogonSamLogon_base not to set unilaterally:
> > 
> > 	*r->out.authoritative = 1;
> > 
> > It needs to only be set if we were the trusted domain.  Sadly this
> > issue will make fixing the trusted domain vs unknown name handling in
> > our file server harder :-(
> 
> There's even much more required on the netlogon/lsa/drsuapi front.
> 
> And all the sid-filtering rules are missing as well as having
> identities from other domains as member of (universal?) groups.
> 
> But I think it's good to have the basics available in 4.3,
> I'll write a WHATSNEW section explaining what should work and what not.
There is also an issue with the content of TDO objects we create when
trust is established. Microsoft's protocol test suite complains they are
not valid. I don't have much details yet as my Samba AD VM which was
used for testing at IO Lab is somewhere travelling on a USB drive I
forgot at the lab.


-- 
/ Alexander Bokovoy