[Patches] improve wb_looup{name,sid,sids}()
Andreas Schneider
asn at samba.org
Sun Mar 12 08:30:09 UTC 2017
On Saturday, 11 March 2017 01:20:12 CET Stefan Metzmacher wrote:
> Hi,
>
> here're some improvements to wb_looup{name,sid,sids}()
>
> We avoid the bogus fallback to the forest root domain
> as the DC of our domain already does all the work for us.
Shouldn't we add this to Samba 4.6.1?
>
> And with this patches we only do one round trip to our dc
> for the following:
>
> bin/wbinfo
> --lookup-sids=S-1-5-21-278041429-3399921908-1452754838-500,S-1-5-21-29309754
> 64-1937418634-1288008815-500,S-1-5-21-1368093
> 395-3821428921-3924672915-500,S-1-5-21-167342819-981449877-2130266853-500,S
> -1-5-21-313966788-4060240134-2249344781-500
>
> S-1-5-21-278041429-3399921908-1452754838-500 -> W4EDOM-L4\Administrator 1
> S-1-5-21-2930975464-1937418634-1288008815-500 -> W2012R2-L4\Administrator 1
> S-1-5-21-1368093395-3821428921-3924672915-500 -> S1-W2012-L4\Administrator 1
> S-1-5-21-167342819-981449877-2130266853-500 -> S2-W2012-L4\Administrator 1
> S-1-5-21-313966788-4060240134-2249344781-500 -> S4XDOM\Administrator 1
>
> (we're member of S2-W2012-L4.S1-W2012-L4.W2012R2-L4.BASE)
>
> We have one forest with
> W2012R2-L4.BASE
> S1-W2012-L4.W2012R2-L4.BASE
> and
> S2-W2012-L4.S1-W2012-L4.W2012R2-L4.BASE
>
> And a forest trust to W4EDOM-L4.BASE
> And a forest trust to S4XDOM.BASE (samba-4.6.0)
>
> As a note to remember
>
> winbindd on the member does this:
>
> lsa_LookupSids3: struct lsa_LookupSids3
> in: struct lsa_LookupSids3
> sids : *
> sids: struct lsa_SidArray
> num_sids : 0x00000005 (5)
> sids : *
> sids: ARRAY(5)
> sids: struct lsa_SidPtr
> sid : *
> sid :
> S-1-5-21-278041429-3399921908-1452754838-500
> sids: struct lsa_SidPtr
> sid : *
> sid :
> S-1-5-21-2930975464-1937418634-1288008815-500
> sids: struct lsa_SidPtr
> sid : *
> sid :
> S-1-5-21-1368093395-3821428921-3924672915-500
> sids: struct lsa_SidPtr
> sid : *
> sid :
> S-1-5-21-167342819-981449877-2130266853-500
> sids: struct lsa_SidPtr
> sid : *
> sid :
> S-1-5-21-313966788-4060240134-2249344781-500
> names : *
> names: struct lsa_TransNameArray2
> count : 0x00000000 (0)
> names : NULL
> level : LSA_LOOKUP_NAMES_ALL (1)
> count : *
> count : 0x00000000 (0)
> lookup_options :
> LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
> client_revision : LSA_CLIENT_REVISION_2 (2)
>
>
> And the dc for S4XDOM.BASE gets this from the W2012R2-L4.BASE dc:
>
> in: struct lsa_LookupSids3
> sids : *
> sids: struct lsa_SidArray
> num_sids : 0x00000001 (1)
> sids : *
> sids: ARRAY(1)
> sids: struct lsa_SidPtr
> sid : *
> sid :
> S-1-5-21-313966788-4060240134-2249344781-500
> names : *
> names: struct lsa_TransNameArray2
> count : 0x00000000 (0)
> names : NULL
> level :
> LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
> count : *
> count : 0x00000000 (0)
> lookup_options :
> LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
> client_revision : LSA_CLIENT_REVISION_2 (2)
>
> Please review and push:-)
>
> Thanks!
> metze
More information about the samba-technical
mailing list