summaryrefslogtreecommitdiff
path: root/source3/auth/auth_util.c
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-06-30 20:45:14 +0000
committerGerald Carter <jerry@samba.org>2003-06-30 20:45:14 +0000
commite359dbcedb53b03df79140c30ecfdfdbcb904595 (patch)
tree8d477ea151c844936e561822256321bff580c588 /source3/auth/auth_util.c
parenta32ae05744e8e065bc4be56e93875c29182bb760 (diff)
downloadsamba-e359dbcedb53b03df79140c30ecfdfdbcb904595.tar.gz
samba-e359dbcedb53b03df79140c30ecfdfdbcb904595.tar.bz2
samba-e359dbcedb53b03df79140c30ecfdfdbcb904595.zip
* cleanup more DC name resolution issues in check_*domain_security()
* is_trusted_domain() is broken without winbind. Still working on this. * get_global_sam_name() should return the workgroup name unless we are a standalone server (verified by volker) * Get_Pwnam() should always fall back to the username (minus domain name) even if it is not our workgroup so that TRUSTEDOMAIN\user can logon if 'user' exists in the local list of accounts (on domain members w/o winbind) Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0 domain member not running winbindd. notes: make_user_info_map() is slightly broken now due to the fact that is_trusted_domain() only works with winbindd. disabled checks temporarily until I can sort this out. (This used to be commit e1d6094d066d4c16ab73075caba40a1ae6c56b1e)
Diffstat (limited to 'source3/auth/auth_util.c')
-rw-r--r--source3/auth/auth_util.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 1538fc50a1..30510c1bfa 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -216,6 +216,9 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
/* do what win2k does. Always map unknown domains to our own
and let the "passdb backend" handle unknown users */
+ /* FIXME!!!! grr...this is a broken check currently since is_trusted_domain()
+ is useless without winbindd --jerry */
+
if ( !is_trusted_domain(domain) )
domain = get_global_sam_name();
@@ -869,10 +872,12 @@ static NTSTATUS fill_sam_account(const char *domain,
passwd = Get_Pwnam(dom_user);
- if ( (passwd == NULL) && is_myworkgroup(domain) ) {
- /* For our own domain also try unqualified */
+ /* if the lookup for DOMAIN\username failed, try again
+ with just 'username'. This is need for accessing the server
+ as a trust user that actually maps to a local account */
+
+ if ( !passwd )
passwd = Get_Pwnam(username);
- }
if (passwd == NULL)
return NT_STATUS_NO_SUCH_USER;