[PATCH] Allow GetDCNameEx to be called for arbitrary sites and trusted domains
Garming Sam
garming at catalyst.net.nz
Thu Apr 26 02:33:43 UTC 2018
Ping?
On 12/04/18 00:17, Stefan Metzmacher wrote:
> Hi Garming,
>
>> Using Volker's patches, the "No nmbd found" disappears, but the site
>> aware location is wrong (meaning the RPC call must fail in these cases).
>> It seems that the underlying dsgetdcname call does not respect the site
>> name parameter in winbind when using NETBIOS names. I've also noticed
>> that although I test the winbind forwarding and having different
>> domains, it doesn't actually test being in a different site (partly
>> because we don't have any DCs like that in selftest currently). With my
>> full patchset, making the query using a trust NETBIOS domain name AND a
>> specified site may fail if there is more than one site (or it
>> arbitrarily picks a DC whose site differs). Compared with the original
>> behaviour at least, that's significantly better, and all the DNS domains
>> should work as well as the single domain case with NETBIOS (where it's
>> currently remedied at the RPC layer).
>>
>> To fix the trusted domain case, either dsgetdcname needs to use the
>> response from discover_dc_netbios to retry the query with the DNS realm
>> (this is on top of Volker's patches). Or it needs to do some other
>> mapping using information winbind might know. I've got a number of other
>> projects that I need to be working on, so I can't really look into this
>> further. I would really like to push this current patchset for now
>> (assuming you don't have any further objections), so as to fix most of
>> the cases just by implementing the forwarding behaviour, and hopefully
>> there's enough info that I've gathered to go on to fix the edge cases
>> around trusted domains (and presumably undo the RPC layer NETBIOS fix I
>> made).
> sorry for the delay. I hope to have another look at this tomorrow
> and will push (at least some of the patches).
>
> metze
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180426/72bc1c37/signature.sig>
More information about the samba-technical
mailing list