22 files changed, 321 insertions, 192 deletions

diff --git a/source3/include/doserr.h b/source3/include/doserr.h
index 546d06926a..5794fbe71c 100644
--- a/source3/include/doserr.h
+++ b/source3/include/doserr.h
@@ -202,6 +202,7 @@
 #define WERR_SERVICE_ALREADY_RUNNING W_ERROR(1056)
 #define WERR_SERVICE_DISABLED W_ERROR(1058)
 #define WERR_SERVICE_NEVER_STARTED W_ERROR(1077)
+#define WERR_INVALID_COMPUTER_NAME W_ERROR(1210)
 #define WERR_MACHINE_LOCKED W_ERROR(1271)
 #define WERR_NO_LOGON_SERVERS W_ERROR(1311)
 #define WERR_NO_SUCH_LOGON_SESSION W_ERROR(1312)
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index 5ddb877b90..9f4645b691 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -145,31 +145,6 @@ SamrTestPrivateFunctionsUser
 #define SAMR_CHGPASSWD_USER3   0x3F
 #define SAMR_CONNECT5          0x40
 
-/* SAMR account creation flags/permissions */
-#define SAMR_USER_GETNAME               0x1
-#define SAMR_USER_GETLOCALE             0x2
-#define SAMR_USER_GETLOCCOM             0x4
-#define SAMR_USER_GETLOGONINFO          0x8
-#define SAMR_USER_GETATTR               0x10
-#define SAMR_USER_SETATTR               0x20
-#define SAMR_USER_CHPASS                0x40
-#define SAMR_USER_SETPASS               0x80
-#define SAMR_USER_GETGROUPS             0x100
-#define SAMR_USER_GETMEMBERSHIP         0x200
-#define SAMR_USER_CHMEMBERSHIP          0x400
-#define SAMR_STANDARD_DELETE            0x10000
-#define SAMR_STANDARD_READCTRL          0x20000
-#define SAMR_STANDARD_WRITEDAC          0x40000
-#define SAMR_STANDARD_WRITEOWNER        0x80000
-#define SAMR_STANDARD_SYNC              0x100000
-#define SAMR_GENERIC_ACCESSSACL         0x800000
-#define SAMR_GENERIC_MAXALLOWED         0x2000000
-#define SAMR_GENERIC_ALL                0x10000000
-#define SAMR_GENERIC_EXECUTE            0x20000000
-#define SAMR_GENERIC_WRITE              0x40000000
-#define SAMR_GENERIC_READ               0x80000000
-
-
 typedef struct logon_hours_info
 {
 	uint32 max_len; /* normally 1260 bytes */
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 538cca7994..f83e0fbb60 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -684,10 +684,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 	const_acct_name = acct_name;
 
 	if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) {
-		uint32 acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
-			SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
-			SAMR_STANDARD_DELETE | SAMR_USER_SETPASS |
-			SAMR_USER_GETATTR | SAMR_USER_SETATTR;
+		uint32_t acct_flags =
+			SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+			SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+			SAMR_USER_ACCESS_SET_PASSWORD |
+			SAMR_USER_ACCESS_GET_ATTRIBUTES |
+			SAMR_USER_ACCESS_SET_ATTRIBUTES;
 
 		status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx,
 						     &domain_pol,
diff --git a/source3/librpc/gen_ndr/cli_netlogon.c b/source3/librpc/gen_ndr/cli_netlogon.c
index 414e053dc9..d6739c5a26 100644
--- a/source3/librpc/gen_ndr/cli_netlogon.c
+++ b/source3/librpc/gen_ndr/cli_netlogon.c
@@ -1183,24 +1183,29 @@ NTSTATUS rpccli_netr_NETRLOGONSETSERVICEBITS(struct rpc_pipe_client *cli,
 	return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli,
-					  TALLOC_CTX *mem_ctx,
-					  WERROR *werror)
+NTSTATUS rpccli_netr_LogonGetTrustRid(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      const char *server_name,
+				      const char *domain_name,
+				      uint32_t *rid,
+				      WERROR *werror)
 {
-	struct netr_NETRLOGONGETTRUSTRID r;
+	struct netr_LogonGetTrustRid r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
+	r.in.domain_name = domain_name;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRLOGONGETTRUSTRID, &r);
+		NDR_PRINT_IN_DEBUG(netr_LogonGetTrustRid, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
 				mem_ctx,
 				PI_NETLOGON,
 				&ndr_table_netlogon,
-				NDR_NETR_NETRLOGONGETTRUSTRID,
+				NDR_NETR_LOGONGETTRUSTRID,
 				&r);
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -1208,7 +1213,7 @@ NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRLOGONGETTRUSTRID, &r);
+		NDR_PRINT_OUT_DEBUG(netr_LogonGetTrustRid, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -1216,6 +1221,7 @@ NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*rid = *r.out.rid;
 
 	/* Return result */
 	if (werror) {
diff --git a/source3/librpc/gen_ndr/cli_netlogon.h b/source3/librpc/gen_ndr/cli_netlogon.h
index 30a9645767..9716f4084b 100644
--- a/source3/librpc/gen_ndr/cli_netlogon.h
+++ b/source3/librpc/gen_ndr/cli_netlogon.h
@@ -185,9 +185,12 @@ NTSTATUS rpccli_netr_NETRLOGONDUMMYROUTINE1(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_netr_NETRLOGONSETSERVICEBITS(struct rpc_pipe_client *cli,
 					     TALLOC_CTX *mem_ctx,
 					     WERROR *werror);
-NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli,
-					  TALLOC_CTX *mem_ctx,
-					  WERROR *werror);
+NTSTATUS rpccli_netr_LogonGetTrustRid(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      const char *server_name,
+				      const char *domain_name,
+				      uint32_t *rid,
+				      WERROR *werror);
 NTSTATUS rpccli_netr_NETRLOGONCOMPUTESERVERDIGEST(struct rpc_pipe_client *cli,
 						  TALLOC_CTX *mem_ctx,
 						  WERROR *werror);
diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c
index 88b9fbd6e5..7bc85935d1 100644
--- a/source3/librpc/gen_ndr/ndr_netlogon.c
+++ b/source3/librpc/gen_ndr/ndr_netlogon.c
@@ -11184,41 +11184,127 @@ _PUBLIC_ void ndr_print_netr_NETRLOGONSETSERVICEBITS(struct ndr_print *ndr, cons
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_NETRLOGONGETTRUSTRID(struct ndr_push *ndr, int flags, const struct netr_NETRLOGONGETTRUSTRID *r)
+static enum ndr_err_code ndr_push_netr_LogonGetTrustRid(struct ndr_push *ndr, int flags, const struct netr_LogonGetTrustRid *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.domain_name));
+		if (r->in.domain_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.domain_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.domain_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.domain_name, ndr_charset_length(r->in.domain_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.rid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.rid));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_NETRLOGONGETTRUSTRID(struct ndr_pull *ndr, int flags, struct netr_NETRLOGONGETTRUSTRID *r)
+static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, int flags, struct netr_LogonGetTrustRid *r)
 {
+	uint32_t _ptr_server_name;
+	uint32_t _ptr_domain_name;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_domain_name_0;
+	TALLOC_CTX *_mem_save_rid_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name));
+		if (_ptr_domain_name) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_name);
+		} else {
+			r->in.domain_name = NULL;
+		}
+		if (r->in.domain_name) {
+			_mem_save_domain_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name));
+			if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0);
+		}
+		NDR_PULL_ALLOC(ndr, r->out.rid);
+		ZERO_STRUCTP(r->out.rid);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rid);
+		}
+		_mem_save_rid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.rid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rid_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_NETRLOGONGETTRUSTRID(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONGETTRUSTRID *r)
+_PUBLIC_ void ndr_print_netr_LogonGetTrustRid(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonGetTrustRid *r)
 {
-	ndr_print_struct(ndr, name, "netr_NETRLOGONGETTRUSTRID");
+	ndr_print_struct(ndr, name, "netr_LogonGetTrustRid");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_NETRLOGONGETTRUSTRID");
+		ndr_print_struct(ndr, "in", "netr_LogonGetTrustRid");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
+		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "domain_name", r->in.domain_name);
+		ndr->depth++;
+		if (r->in.domain_name) {
+			ndr_print_string(ndr, "domain_name", r->in.domain_name);
+		}
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_NETRLOGONGETTRUSTRID");
+		ndr_print_struct(ndr, "out", "netr_LogonGetTrustRid");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "rid", r->out.rid);
 		ndr->depth++;
+		ndr_print_uint32(ndr, "rid", *r->out.rid);
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -14376,11 +14462,11 @@ static const struct ndr_interface_call netlogon_calls[] = {
 		false,
 	},
 	{
-		"netr_NETRLOGONGETTRUSTRID",
-		sizeof(struct netr_NETRLOGONGETTRUSTRID),
-		(ndr_push_flags_fn_t) ndr_push_netr_NETRLOGONGETTRUSTRID,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_NETRLOGONGETTRUSTRID,
-		(ndr_print_function_t) ndr_print_netr_NETRLOGONGETTRUSTRID,
+		"netr_LogonGetTrustRid",
+		sizeof(struct netr_LogonGetTrustRid),
+		(ndr_push_flags_fn_t) ndr_push_netr_LogonGetTrustRid,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_LogonGetTrustRid,
+		(ndr_print_function_t) ndr_print_netr_LogonGetTrustRid,
 		false,
 	},
 	{
diff --git a/source3/librpc/gen_ndr/ndr_netlogon.h b/source3/librpc/gen_ndr/ndr_netlogon.h
index b1a5ce9973..9338aa760b 100644
--- a/source3/librpc/gen_ndr/ndr_netlogon.h
+++ b/source3/librpc/gen_ndr/ndr_netlogon.h
@@ -57,7 +57,7 @@ extern const struct ndr_interface_table ndr_table_netlogon;
 
 #define NDR_NETR_NETRLOGONSETSERVICEBITS (0x16)
 
-#define NDR_NETR_NETRLOGONGETTRUSTRID (0x17)
+#define NDR_NETR_LOGONGETTRUSTRID (0x17)
 
 #define NDR_NETR_NETRLOGONCOMPUTESERVERDIGEST (0x18)
 
@@ -227,7 +227,7 @@ void ndr_print_netr_NetrEnumerateTrustedDomains(struct ndr_print *ndr, const cha
 void ndr_print_netr_DsRGetDCName(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRGetDCName *r);
 void ndr_print_netr_NETRLOGONDUMMYROUTINE1(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONDUMMYROUTINE1 *r);
 void ndr_print_netr_NETRLOGONSETSERVICEBITS(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONSETSERVICEBITS *r);
-void ndr_print_netr_NETRLOGONGETTRUSTRID(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONGETTRUSTRID *r);
+void ndr_print_netr_LogonGetTrustRid(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonGetTrustRid *r);
 void ndr_print_netr_NETRLOGONCOMPUTESERVERDIGEST(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONCOMPUTESERVERDIGEST *r);
 void ndr_print_netr_NETRLOGONCOMPUTECLIENTDIGEST(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r);
 void ndr_print_netr_ServerAuthenticate3(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerAuthenticate3 *r);
diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c
index ed80da2885..adbe549df0 100644
--- a/source3/librpc/gen_ndr/ndr_samr.c
+++ b/source3/librpc/gen_ndr/ndr_samr.c
@@ -91,17 +91,17 @@ _PUBLIC_ void ndr_print_samr_UserAccessMask(struct ndr_print *ndr, const char *n
 {
 	ndr_print_uint32(ndr, name, r);
 	ndr->depth++;
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_GET_NAME_ETC", USER_ACCESS_GET_NAME_ETC, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_GET_LOCALE", USER_ACCESS_GET_LOCALE, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_SET_LOC_COM", USER_ACCESS_SET_LOC_COM, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_GET_LOGONINFO", USER_ACCESS_GET_LOGONINFO, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_GET_ATTRIBUTES", USER_ACCESS_GET_ATTRIBUTES, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_SET_ATTRIBUTES", USER_ACCESS_SET_ATTRIBUTES, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_CHANGE_PASSWORD", USER_ACCESS_CHANGE_PASSWORD, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_SET_PASSWORD", USER_ACCESS_SET_PASSWORD, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_GET_GROUPS", USER_ACCESS_GET_GROUPS, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_GET_GROUP_MEMBERSHIP", USER_ACCESS_GET_GROUP_MEMBERSHIP, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "USER_ACCESS_CHANGE_GROUP_MEMBERSHIP", USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_NAME_ETC", SAMR_USER_ACCESS_GET_NAME_ETC, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_LOCALE", SAMR_USER_ACCESS_GET_LOCALE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_SET_LOC_COM", SAMR_USER_ACCESS_SET_LOC_COM, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_LOGONINFO", SAMR_USER_ACCESS_GET_LOGONINFO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_ATTRIBUTES", SAMR_USER_ACCESS_GET_ATTRIBUTES, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_SET_ATTRIBUTES", SAMR_USER_ACCESS_SET_ATTRIBUTES, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_CHANGE_PASSWORD", SAMR_USER_ACCESS_CHANGE_PASSWORD, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_SET_PASSWORD", SAMR_USER_ACCESS_SET_PASSWORD, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_GROUPS", SAMR_USER_ACCESS_GET_GROUPS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP", SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP", SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, r);
 	ndr->depth--;
 }
 
@@ -123,17 +123,17 @@ _PUBLIC_ void ndr_print_samr_DomainAccessMask(struct ndr_print *ndr, const char
 {
 	ndr_print_uint32(ndr, name, r);
 	ndr->depth++;
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_LOOKUP_INFO_1", DOMAIN_ACCESS_LOOKUP_INFO_1, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_SET_INFO_1", DOMAIN_ACCESS_SET_INFO_1, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_LOOKUP_INFO_2", DOMAIN_ACCESS_LOOKUP_INFO_2, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_SET_INFO_2", DOMAIN_ACCESS_SET_INFO_2, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_CREATE_USER", DOMAIN_ACCESS_CREATE_USER, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_CREATE_GROUP", DOMAIN_ACCESS_CREATE_GROUP, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_CREATE_ALIAS", DOMAIN_ACCESS_CREATE_ALIAS, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_LOOKUP_ALIAS", DOMAIN_ACCESS_LOOKUP_ALIAS, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_ENUM_ACCOUNTS", DOMAIN_ACCESS_ENUM_ACCOUNTS, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_OPEN_ACCOUNT", DOMAIN_ACCESS_OPEN_ACCOUNT, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_ACCESS_SET_INFO_3", DOMAIN_ACCESS_SET_INFO_3, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1", SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_SET_INFO_1", SAMR_DOMAIN_ACCESS_SET_INFO_1, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2", SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_SET_INFO_2", SAMR_DOMAIN_ACCESS_SET_INFO_2, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_CREATE_USER", SAMR_DOMAIN_ACCESS_CREATE_USER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_CREATE_GROUP", SAMR_DOMAIN_ACCESS_CREATE_GROUP, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_CREATE_ALIAS", SAMR_DOMAIN_ACCESS_CREATE_ALIAS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS", SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS", SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT", SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_SET_INFO_3", SAMR_DOMAIN_ACCESS_SET_INFO_3, r);
 	ndr->depth--;
 }
 
@@ -155,11 +155,11 @@ _PUBLIC_ void ndr_print_samr_GroupAccessMask(struct ndr_print *ndr, const char *
 {
 	ndr_print_uint32(ndr, name, r);
 	ndr->depth++;
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "GROUP_ACCESS_LOOKUP_INFO", GROUP_ACCESS_LOOKUP_INFO, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "GROUP_ACCESS_SET_INFO", GROUP_ACCESS_SET_INFO, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "GROUP_ACCESS_ADD_MEMBER", GROUP_ACCESS_ADD_MEMBER, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "GROUP_ACCESS_REMOVE_MEMBER", GROUP_ACCESS_REMOVE_MEMBER, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "GROUP_ACCESS_GET_MEMBERS", GROUP_ACCESS_GET_MEMBERS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_GROUP_ACCESS_LOOKUP_INFO", SAMR_GROUP_ACCESS_LOOKUP_INFO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_GROUP_ACCESS_SET_INFO", SAMR_GROUP_ACCESS_SET_INFO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_GROUP_ACCESS_ADD_MEMBER", SAMR_GROUP_ACCESS_ADD_MEMBER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_GROUP_ACCESS_REMOVE_MEMBER", SAMR_GROUP_ACCESS_REMOVE_MEMBER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_GROUP_ACCESS_GET_MEMBERS", SAMR_GROUP_ACCESS_GET_MEMBERS, r);
 	ndr->depth--;
 }
 
@@ -181,11 +181,11 @@ _PUBLIC_ void ndr_print_samr_AliasAccessMask(struct ndr_print *ndr, const char *
 {
 	ndr_print_uint32(ndr, name, r);
 	ndr->depth++;
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ALIAS_ACCESS_ADD_MEMBER", ALIAS_ACCESS_ADD_MEMBER, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ALIAS_ACCESS_REMOVE_MEMBER", ALIAS_ACCESS_REMOVE_MEMBER, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ALIAS_ACCESS_GET_MEMBERS", ALIAS_ACCESS_GET_MEMBERS, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ALIAS_ACCESS_LOOKUP_INFO", ALIAS_ACCESS_LOOKUP_INFO, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ALIAS_ACCESS_SET_INFO", ALIAS_ACCESS_SET_INFO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ALIAS_ACCESS_ADD_MEMBER", SAMR_ALIAS_ACCESS_ADD_MEMBER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ALIAS_ACCESS_REMOVE_MEMBER", SAMR_ALIAS_ACCESS_REMOVE_MEMBER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ALIAS_ACCESS_GET_MEMBERS", SAMR_ALIAS_ACCESS_GET_MEMBERS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ALIAS_ACCESS_LOOKUP_INFO", SAMR_ALIAS_ACCESS_LOOKUP_INFO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ALIAS_ACCESS_SET_INFO", SAMR_ALIAS_ACCESS_SET_INFO, r);
 	ndr->depth--;
 }
 
diff --git a/source3/librpc/gen_ndr/ndr_security.c b/source3/librpc/gen_ndr/ndr_security.c
index ab341436b4..a6ee1a5ddb 100644
--- a/source3/librpc/gen_ndr/ndr_security.c
+++ b/source3/librpc/gen_ndr/ndr_security.c
@@ -106,7 +106,6 @@ static enum ndr_err_code ndr_push_security_ace_object_type(struct ndr_push *ndr,
 		int level = ndr_push_get_switch_value(ndr, r);
 		switch (level) {
 			case SEC_ACE_OBJECT_TYPE_PRESENT:
-				NDR_CHECK(ndr_push_GUID(ndr, NDR_BUFFERS, &r->type));
 			break;
 
 			default:
@@ -135,7 +134,6 @@ static enum ndr_err_code ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
 	if (ndr_flags & NDR_BUFFERS) {
 		switch (level) {
 			case SEC_ACE_OBJECT_TYPE_PRESENT:
-				NDR_CHECK(ndr_pull_GUID(ndr, NDR_BUFFERS, &r->type));
 			break;
 
 			default:
@@ -180,7 +178,6 @@ static enum ndr_err_code ndr_push_security_ace_object_inherited_type(struct ndr_
 		int level = ndr_push_get_switch_value(ndr, r);
 		switch (level) {
 			case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
-				NDR_CHECK(ndr_push_GUID(ndr, NDR_BUFFERS, &r->inherited_type));
 			break;
 
 			default:
@@ -209,7 +206,6 @@ static enum ndr_err_code ndr_pull_security_ace_object_inherited_type(struct ndr_
 	if (ndr_flags & NDR_BUFFERS) {
 		switch (level) {
 			case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
-				NDR_CHECK(ndr_pull_GUID(ndr, NDR_BUFFERS, &r->inherited_type));
 			break;
 
 			default:
diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h
index 53aa350bed..64a70ca1a7 100644
--- a/source3/librpc/gen_ndr/netlogon.h
+++ b/source3/librpc/gen_ndr/netlogon.h
@@ -1200,8 +1200,14 @@ struct netr_NETRLOGONSETSERVICEBITS {
 };
 
 
-struct netr_NETRLOGONGETTRUSTRID {
+struct netr_LogonGetTrustRid {
 	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+		const char *domain_name;/* [unique,charset(UTF16)] */
+	} in;
+
+	struct {
+		uint32_t *rid;/* [ref] */
 		WERROR result;
 	} out;
 
diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h
index 2ac845ee92..c6a68e8bd5 100644
--- a/source3/librpc/gen_ndr/samr.h
+++ b/source3/librpc/gen_ndr/samr.h
@@ -39,44 +39,44 @@
 #define SAMR_ACCESS_OPEN_DOMAIN ( 0x00000020 )
 
 /* bitmap samr_UserAccessMask */
-#define USER_ACCESS_GET_NAME_ETC ( 0x00000001 )
-#define USER_ACCESS_GET_LOCALE ( 0x00000002 )
-#define USER_ACCESS_SET_LOC_COM ( 0x00000004 )
-#define USER_ACCESS_GET_LOGONINFO ( 0x00000008 )
-#define USER_ACCESS_GET_ATTRIBUTES ( 0x00000010 )
-#define USER_ACCESS_SET_ATTRIBUTES ( 0x00000020 )
-#define USER_ACCESS_CHANGE_PASSWORD ( 0x00000040 )
-#define USER_ACCESS_SET_PASSWORD ( 0x00000080 )
-#define USER_ACCESS_GET_GROUPS ( 0x00000100 )
-#define USER_ACCESS_GET_GROUP_MEMBERSHIP ( 0x00000200 )
-#define USER_ACCESS_CHANGE_GROUP_MEMBERSHIP ( 0x00000400 )
+#define SAMR_USER_ACCESS_GET_NAME_ETC ( 0x00000001 )
+#define SAMR_USER_ACCESS_GET_LOCALE ( 0x00000002 )
+#define SAMR_USER_ACCESS_SET_LOC_COM ( 0x00000004 )
+#define SAMR_USER_ACCESS_GET_LOGONINFO ( 0x00000008 )
+#define SAMR_USER_ACCESS_GET_ATTRIBUTES ( 0x00000010 )
+#define SAMR_USER_ACCESS_SET_ATTRIBUTES ( 0x00000020 )
+#define SAMR_USER_ACCESS_CHANGE_PASSWORD ( 0x00000040 )
+#define SAMR_USER_ACCESS_SET_PASSWORD ( 0x00000080 )
+#define SAMR_USER_ACCESS_GET_GROUPS ( 0x00000100 )
+#define SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP ( 0x00000200 )
+#define SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP ( 0x00000400 )
 
 /* bitmap samr_DomainAccessMask */
-#define DOMAIN_ACCESS_LOOKUP_INFO_1 ( 0x00000001 )
-#define DOMAIN_ACCESS_SET_INFO_1 ( 0x00000002 )
-#define DOMAIN_ACCESS_LOOKUP_INFO_2 ( 0x00000004 )
-#define DOMAIN_ACCESS_SET_INFO_2 ( 0x00000008 )
-#define DOMAIN_ACCESS_CREATE_USER ( 0x00000010 )
-#define DOMAIN_ACCESS_CREATE_GROUP ( 0x00000020 )
-#define DOMAIN_ACCESS_CREATE_ALIAS ( 0x00000040 )
-#define DOMAIN_ACCESS_LOOKUP_ALIAS ( 0x00000080 )
-#define DOMAIN_ACCESS_ENUM_ACCOUNTS ( 0x00000100 )
-#define DOMAIN_ACCESS_OPEN_ACCOUNT ( 0x00000200 )
-#define DOMAIN_ACCESS_SET_INFO_3 ( 0x00000400 )
+#define SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 ( 0x00000001 )
+#define SAMR_DOMAIN_ACCESS_SET_INFO_1 ( 0x00000002 )
+#define SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 ( 0x00000004 )
+#define SAMR_DOMAIN_ACCESS_SET_INFO_2 ( 0x00000008 )
+#define SAMR_DOMAIN_ACCESS_CREATE_USER ( 0x00000010 )
+#define SAMR_DOMAIN_ACCESS_CREATE_GROUP ( 0x00000020 )
+#define SAMR_DOMAIN_ACCESS_CREATE_ALIAS ( 0x00000040 )
+#define SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS ( 0x00000080 )
+#define SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS ( 0x00000100 )
+#define SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT ( 0x00000200 )
+#define SAMR_DOMAIN_ACCESS_SET_INFO_3 ( 0x00000400 )
 
 /* bitmap samr_GroupAccessMask */
-#define GROUP_ACCESS_LOOKUP_INFO ( 0x00000001 )
-#define GROUP_ACCESS_SET_INFO ( 0x00000002 )
-#define GROUP_ACCESS_ADD_MEMBER ( 0x00000004 )
-#define GROUP_ACCESS_REMOVE_MEMBER ( 0x00000008 )
-#define GROUP_ACCESS_GET_MEMBERS ( 0x00000010 )
+#define SAMR_GROUP_ACCESS_LOOKUP_INFO ( 0x00000001 )
+#define SAMR_GROUP_ACCESS_SET_INFO ( 0x00000002 )
+#define SAMR_GROUP_ACCESS_ADD_MEMBER ( 0x00000004 )
+#define SAMR_GROUP_ACCESS_REMOVE_MEMBER ( 0x00000008 )
+#define SAMR_GROUP_ACCESS_GET_MEMBERS ( 0x00000010 )
 
 /* bitmap samr_AliasAccessMask */
-#define ALIAS_ACCESS_ADD_MEMBER ( 0x00000001 )
-#define ALIAS_ACCESS_REMOVE_MEMBER ( 0x00000002 )
-#define ALIAS_ACCESS_GET_MEMBERS ( 0x00000004 )
-#define ALIAS_ACCESS_LOOKUP_INFO ( 0x00000008 )
-#define ALIAS_ACCESS_SET_INFO ( 0x00000010 )
+#define SAMR_ALIAS_ACCESS_ADD_MEMBER ( 0x00000001 )
+#define SAMR_ALIAS_ACCESS_REMOVE_MEMBER ( 0x00000002 )
+#define SAMR_ALIAS_ACCESS_GET_MEMBERS ( 0x00000004 )
+#define SAMR_ALIAS_ACCESS_LOOKUP_INFO ( 0x00000008 )
+#define SAMR_ALIAS_ACCESS_SET_INFO ( 0x00000010 )
 
 struct samr_SamEntry {
 	uint32_t idx;
diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h
index b87259c9cb..f37b5d70f0 100644
--- a/source3/librpc/gen_ndr/security.h
+++ b/source3/librpc/gen_ndr/security.h
@@ -184,8 +184,6 @@ enum sec_privilege
 #define SEC_ACE_FLAG_SUCCESSFUL_ACCESS ( 0x40 )
 #define SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 )
 
-;
-
 enum security_ace_type
 #ifndef USE_UINT_ENUMS
  {
@@ -217,8 +215,6 @@ enum security_ace_type
 #define SEC_ACE_OBJECT_TYPE_PRESENT ( 0x00000001 )
 #define SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT ( 0x00000002 )
 
-;
-
 union security_ace_object_type {
 	struct GUID type;/* [case(SEC_ACE_OBJECT_TYPE_PRESENT)] */
 }/* [nodiscriminant] */;
@@ -295,8 +291,6 @@ enum security_descriptor_revision
 #define SEC_DESC_RM_CONTROL_VALID ( 0x4000 )
 #define SEC_DESC_SELF_RELATIVE ( 0x8000 )
 
-;
-
 struct security_descriptor {
 	enum security_descriptor_revision revision;
 	uint16_t type;
@@ -329,6 +323,4 @@ struct security_token {
 #define SECINFO_PROTECTED_SACL ( 0x40000000 )
 #define SECINFO_PROTECTED_DACL ( 0x80000000 )
 
-;
-
 #endif /* _HEADER_security */
diff --git a/source3/librpc/gen_ndr/srv_netlogon.c b/source3/librpc/gen_ndr/srv_netlogon.c
index 421014e829..3f88d7f694 100644
--- a/source3/librpc/gen_ndr/srv_netlogon.c
+++ b/source3/librpc/gen_ndr/srv_netlogon.c
@@ -1866,18 +1866,18 @@ static bool api_netr_NETRLOGONSETSERVICEBITS(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_NETRLOGONGETTRUSTRID(pipes_struct *p)
+static bool api_netr_LogonGetTrustRid(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_NETRLOGONGETTRUSTRID *r;
+	struct netr_LogonGetTrustRid *r;
 
-	call = &ndr_table_netlogon.calls[NDR_NETR_NETRLOGONGETTRUSTRID];
+	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONGETTRUSTRID];
 
-	r = talloc(NULL, struct netr_NETRLOGONGETTRUSTRID);
+	r = talloc(NULL, struct netr_LogonGetTrustRid);
 	if (r == NULL) {
 		return false;
 	}
@@ -1901,10 +1901,17 @@ static bool api_netr_NETRLOGONGETTRUSTRID(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRLOGONGETTRUSTRID, r);
+		NDR_PRINT_IN_DEBUG(netr_LogonGetTrustRid, r);
 	}
 
-	r->out.result = _netr_NETRLOGONGETTRUSTRID(p, r);
+	ZERO_STRUCT(r->out);
+	r->out.rid = talloc_zero(r, uint32_t);
+	if (r->out.rid == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _netr_LogonGetTrustRid(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -1913,7 +1920,7 @@ static bool api_netr_NETRLOGONGETTRUSTRID(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRLOGONGETTRUSTRID, r);
+		NDR_PRINT_OUT_DEBUG(netr_LogonGetTrustRid, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -3806,7 +3813,7 @@ static struct api_struct api_netlogon_cmds[] =
 	{"NETR_DSRGETDCNAME", NDR_NETR_DSRGETDCNAME, api_netr_DsRGetDCName},
 	{"NETR_NETRLOGONDUMMYROUTINE1", NDR_NETR_NETRLOGONDUMMYROUTINE1, api_netr_NETRLOGONDUMMYROUTINE1},
 	{"NETR_NETRLOGONSETSERVICEBITS", NDR_NETR_NETRLOGONSETSERVICEBITS, api_netr_NETRLOGONSETSERVICEBITS},
-	{"NETR_NETRLOGONGETTRUSTRID", NDR_NETR_NETRLOGONGETTRUSTRID, api_netr_NETRLOGONGETTRUSTRID},
+	{"NETR_LOGONGETTRUSTRID", NDR_NETR_LOGONGETTRUSTRID, api_netr_LogonGetTrustRid},
 	{"NETR_NETRLOGONCOMPUTESERVERDIGEST", NDR_NETR_NETRLOGONCOMPUTESERVERDIGEST, api_netr_NETRLOGONCOMPUTESERVERDIGEST},
 	{"NETR_NETRLOGONCOMPUTECLIENTDIGEST", NDR_NETR_NETRLOGONCOMPUTECLIENTDIGEST, api_netr_NETRLOGONCOMPUTECLIENTDIGEST},
 	{"NETR_SERVERAUTHENTICATE3", NDR_NETR_SERVERAUTHENTICATE3, api_netr_ServerAuthenticate3},
diff --git a/source3/librpc/gen_ndr/srv_netlogon.h b/source3/librpc/gen_ndr/srv_netlogon.h
index dc91cf5c0c..fb6ed9fa90 100644
--- a/source3/librpc/gen_ndr/srv_netlogon.h
+++ b/source3/librpc/gen_ndr/srv_netlogon.h
@@ -24,7 +24,7 @@ WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p, struct netr_NetrEnumer
 WERROR _netr_DsRGetDCName(pipes_struct *p, struct netr_DsRGetDCName *r);
 WERROR _netr_NETRLOGONDUMMYROUTINE1(pipes_struct *p, struct netr_NETRLOGONDUMMYROUTINE1 *r);
 WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p, struct netr_NETRLOGONSETSERVICEBITS *r);
-WERROR _netr_NETRLOGONGETTRUSTRID(pipes_struct *p, struct netr_NETRLOGONGETTRUSTRID *r);
+WERROR _netr_LogonGetTrustRid(pipes_struct *p, struct netr_LogonGetTrustRid *r);
 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p, struct netr_NETRLOGONCOMPUTESERVERDIGEST *r);
 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p, struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r);
 NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, struct netr_ServerAuthenticate3 *r);
diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl
index be6c4c76a9..fe4cd13763 100644
--- a/source3/librpc/idl/netlogon.idl
+++ b/source3/librpc/idl/netlogon.idl
@@ -993,7 +993,11 @@ interface netlogon
 
 	/****************/
 	/* Function 0x17 */
-	WERROR netr_NETRLOGONGETTRUSTRID();
+	WERROR netr_LogonGetTrustRid(
+		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in] [string,charset(UTF16)] uint16 *domain_name,
+		[out,ref] uint32 *rid
+	);
 
 	/****************/
 	/* Function 0x18 */
diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl
index dbe633f0a5..2c4fef5a7d 100644
--- a/source3/librpc/idl/samr.idl
+++ b/source3/librpc/idl/samr.idl
@@ -51,47 +51,47 @@ import "misc.idl", "lsa.idl", "security.idl";
 	} samr_ConnectAccessMask;
 
 	typedef [bitmap32bit] bitmap {
-		USER_ACCESS_GET_NAME_ETC             = 0x00000001,
-		USER_ACCESS_GET_LOCALE               = 0x00000002,
-		USER_ACCESS_SET_LOC_COM              = 0x00000004,
-		USER_ACCESS_GET_LOGONINFO            = 0x00000008,
-		USER_ACCESS_GET_ATTRIBUTES           = 0x00000010,
-		USER_ACCESS_SET_ATTRIBUTES           = 0x00000020,
-		USER_ACCESS_CHANGE_PASSWORD          = 0x00000040,
-		USER_ACCESS_SET_PASSWORD             = 0x00000080,
-		USER_ACCESS_GET_GROUPS               = 0x00000100,
-		USER_ACCESS_GET_GROUP_MEMBERSHIP     = 0x00000200,
-		USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
+		SAMR_USER_ACCESS_GET_NAME_ETC             = 0x00000001,
+		SAMR_USER_ACCESS_GET_LOCALE               = 0x00000002,
+		SAMR_USER_ACCESS_SET_LOC_COM              = 0x00000004,
+		SAMR_USER_ACCESS_GET_LOGONINFO            = 0x00000008,
+		SAMR_USER_ACCESS_GET_ATTRIBUTES           = 0x00000010,
+		SAMR_USER_ACCESS_SET_ATTRIBUTES           = 0x00000020,
+		SAMR_USER_ACCESS_CHANGE_PASSWORD          = 0x00000040,
+		SAMR_USER_ACCESS_SET_PASSWORD             = 0x00000080,
+		SAMR_USER_ACCESS_GET_GROUPS               = 0x00000100,
+		SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP     = 0x00000200,
+		SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
 	} samr_UserAccessMask;
 
 	typedef [bitmap32bit] bitmap {
-		DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
-		DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
-		DOMAIN_ACCESS_LOOKUP_INFO_2  = 0x00000004,
-		DOMAIN_ACCESS_SET_INFO_2     = 0x00000008,
-		DOMAIN_ACCESS_CREATE_USER    = 0x00000010,
-		DOMAIN_ACCESS_CREATE_GROUP   = 0x00000020,
-		DOMAIN_ACCESS_CREATE_ALIAS   = 0x00000040,
-		DOMAIN_ACCESS_LOOKUP_ALIAS   = 0x00000080,
-		DOMAIN_ACCESS_ENUM_ACCOUNTS  = 0x00000100,
-		DOMAIN_ACCESS_OPEN_ACCOUNT   = 0x00000200,
-		DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
+		SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
+		SAMR_DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
+		SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2  = 0x00000004,
+		SAMR_DOMAIN_ACCESS_SET_INFO_2     = 0x00000008,
+		SAMR_DOMAIN_ACCESS_CREATE_USER    = 0x00000010,
+		SAMR_DOMAIN_ACCESS_CREATE_GROUP   = 0x00000020,
+		SAMR_DOMAIN_ACCESS_CREATE_ALIAS   = 0x00000040,
+		SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS   = 0x00000080,
+		SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS  = 0x00000100,
+		SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT   = 0x00000200,
+		SAMR_DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
 	} samr_DomainAccessMask;
 
 	typedef [bitmap32bit] bitmap {
-		GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
-		GROUP_ACCESS_SET_INFO        = 0x00000002,
-		GROUP_ACCESS_ADD_MEMBER      = 0x00000004,
-		GROUP_ACCESS_REMOVE_MEMBER   = 0x00000008,
-		GROUP_ACCESS_GET_MEMBERS     = 0x00000010
+		SAMR_GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
+		SAMR_GROUP_ACCESS_SET_INFO        = 0x00000002,
+		SAMR_GROUP_ACCESS_ADD_MEMBER      = 0x00000004,
+		SAMR_GROUP_ACCESS_REMOVE_MEMBER   = 0x00000008,
+		SAMR_GROUP_ACCESS_GET_MEMBERS     = 0x00000010
 	} samr_GroupAccessMask;
 
 	typedef [bitmap32bit] bitmap {
-		ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
-		ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
-		ALIAS_ACCESS_GET_MEMBERS     = 0x00000004,
-		ALIAS_ACCESS_LOOKUP_INFO     = 0x00000008,
-		ALIAS_ACCESS_SET_INFO        = 0x00000010
+		SAMR_ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
+		SAMR_ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
+		SAMR_ALIAS_ACCESS_GET_MEMBERS     = 0x00000004,
+		SAMR_ALIAS_ACCESS_LOOKUP_INFO     = 0x00000008,
+		SAMR_ALIAS_ACCESS_SET_INFO        = 0x00000010
 	} samr_AliasAccessMask;
 
 	/******************/
diff --git a/source3/libsmb/doserr.c b/source3/libsmb/doserr.c
index 174db312c8..a3043a2152 100644
--- a/source3/libsmb/doserr.c
+++ b/source3/libsmb/doserr.c
@@ -73,6 +73,7 @@ werror_code_struct dos_errs[] =
 	{ "WERR_DFS_NO_SUCH_SERVER", WERR_DFS_NO_SUCH_SERVER },
 	{ "WERR_DFS_INTERNAL_ERROR", WERR_DFS_INTERNAL_ERROR },
 	{ "WERR_DFS_CANT_CREATE_JUNCT", WERR_DFS_CANT_CREATE_JUNCT },
+	{ "WERR_INVALID_COMPUTER_NAME", WERR_INVALID_COMPUTER_NAME },
 	{ "WERR_MACHINE_LOCKED", WERR_MACHINE_LOCKED },
 	{ "WERR_DC_NOT_FOUND", WERR_DC_NOT_FOUND },
 	{ "WERR_SETUP_NOT_JOINED", WERR_SETUP_NOT_JOINED },
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 2c1f7e0f11..64c8b75cd8 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -539,6 +539,47 @@ static NTSTATUS cmd_netlogon_change_trust_pw(struct rpc_pipe_client *cli,
         return result;
 }
 
+static WERROR cmd_netlogon_gettrustrid(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx, int argc,
+				       const char **argv)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	WERROR werr = WERR_GENERAL_FAILURE;
+	const char *server_name = cli->cli->desthost;
+	const char *domain_name = lp_workgroup();
+	uint32_t rid = 0;
+
+	if (argc < 1 || argc > 3) {
+		fprintf(stderr, "Usage: %s <server_name> <domain_name>\n",
+			argv[0]);
+		return WERR_OK;
+	}
+
+	if (argc >= 2) {
+		server_name = argv[1];
+	}
+
+	if (argc >= 3) {
+		domain_name = argv[2];
+	}
+
+	status = rpccli_netr_LogonGetTrustRid(cli, mem_ctx,
+					      server_name,
+					      domain_name,
+					      &rid,
+					      &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (W_ERROR_IS_OK(werr)) {
+		printf("Rid: %d\n", rid);
+	}
+ done:
+	return werr;
+}
+
+
 
 /* List of commands exported by this module */
 
@@ -558,6 +599,7 @@ struct cmd_set netlogon_commands[] = {
 	{ "samdeltas",  RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_deltas,  NULL, PI_NETLOGON, NULL, "Query Sam Deltas",    "" },
 	{ "samlogon",   RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_logon,   NULL, PI_NETLOGON, NULL, "Sam Logon",           "" },
 	{ "change_trust_pw",   RPC_RTYPE_NTSTATUS, cmd_netlogon_change_trust_pw,   NULL, PI_NETLOGON, NULL, "Change Trust Account Password",           "" },
+	{ "gettrustrid", RPC_RTYPE_WERROR, NULL, cmd_netlogon_gettrustrid, PI_NETLOGON, NULL, "Get trust rid",     "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 5b42c6bc0e..1bb13f3fe0 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -1483,10 +1483,11 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
 	/* Create domain user */
 
 	acb_info = ACB_NORMAL;
-	acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
-			SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
-			SAMR_STANDARD_DELETE | SAMR_USER_SETPASS |
-			SAMR_USER_GETATTR | SAMR_USER_SETATTR;
+	acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+		     SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+		     SAMR_USER_ACCESS_SET_PASSWORD |
+		     SAMR_USER_ACCESS_GET_ATTRIBUTES |
+		     SAMR_USER_ACCESS_SET_ATTRIBUTES;
 
 	result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
 					  acct_name, acb_info, acct_flags,
diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c
index a98f090e62..1c34a3b60e 100644
--- a/source3/utils/net_domain.c
+++ b/source3/utils/net_domain.c
@@ -245,12 +245,14 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
 	const_acct_name = acct_name;
 
 	/* Don't try to set any acb_info flags other than ACB_WSTRUST */
+	acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+		     SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+		     SAMR_USER_ACCESS_SET_PASSWORD |
+		     SAMR_USER_ACCESS_GET_ATTRIBUTES |
+		     SAMR_USER_ACCESS_SET_ATTRIBUTES;
 
-        acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
-                SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
-                SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
-                SAMR_USER_SETATTR;
 	DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
+
 	status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
 			acct_name, acb_info, acct_flags, &user_pol, &user_rid);
 
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index b08a93627d..46fbcfb8ca 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -618,10 +618,11 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
 	/* Create domain user */
 
 	acb_info = ACB_NORMAL;
-	acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
-		SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
-		SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
-		SAMR_USER_SETATTR;
+	acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+		     SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+		     SAMR_USER_ACCESS_SET_PASSWORD |
+		     SAMR_USER_ACCESS_GET_ATTRIBUTES |
+		     SAMR_USER_ACCESS_SET_ATTRIBUTES;
 
 	result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
 					  acct_name, acb_info, acct_flags,
@@ -5378,11 +5379,12 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
 	}
 
 	/* Create trusting domain's account */
-	acb_info = ACB_NORMAL; 
-        acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
-                SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
-                SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
-                SAMR_USER_SETATTR;
+	acb_info = ACB_NORMAL;
+	acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+		     SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+		     SAMR_USER_ACCESS_SET_PASSWORD |
+		     SAMR_USER_ACCESS_GET_ATTRIBUTES |
+		     SAMR_USER_ACCESS_SET_ATTRIBUTES;
 
 	result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
 					  acct_name, acb_info, acct_flags,
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 5c3fb2b2ff..271219938e 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -250,11 +250,14 @@ int net_rpc_join_newstyle(int argc, const char **argv)
 	strlower_m(acct_name);
 	const_acct_name = acct_name;
 
-        acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
-                SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
-                SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
-                SAMR_USER_SETATTR;
+	acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+		     SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+		     SAMR_USER_ACCESS_SET_PASSWORD |
+		     SAMR_USER_ACCESS_GET_ATTRIBUTES |
+		     SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
 	DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
+
 	result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
 					  acct_name, acb_info,
 					  acct_flags, &user_pol,