summaryrefslogtreecommitdiff
path: root/source3/libsmb/namequery_dc.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20874: We need to distinguish client sitenames per realm. We were overwritingGünther Deschner1-3/+5
the stored client sitename with the sitename from each sucessfull CLDAP connection. Guenther (This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
2007-10-10r20857: Silence gives assent :-). Checking in the fix forJeremy Allison1-1/+2
site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy. (This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
2007-10-10r20296: If we're going to overwrite krb5.confJeremy Allison1-1/+19
only do it for our primary domain. Jeremy. (This used to be commit 61d31ce0089fe906d052c971321ce99fede0e240)
2007-10-10r19651: Fix interesting bug with the automatic site coverage in Active ↵Günther Deschner1-1/+1
Directory: When having DC-less sites, AD assigns DCs from other sites to that site that does not have it's own DC. The most reliable way for us to identify the nearest DC - in that and all other cases - is the closest_dc flag in the CLDAP reply. Guenther (This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)
2007-10-10r19249: Attempt to fix a site lookup bug found by Guenther.Jeremy Allison1-0/+3
- "The problem is, with a fresh system, we don't know our sitename, therefor we do a stupid DNS query for all DCs. The reply we get is a round-robin list of all 21 DCs, we just pick the first, contact that and safe that INET.COM#1C query in the name cache for later use... What we need to do if we don't yet know our sitename, is to contact to any DC, get the CLDAP reply to tell us in which site we are, then flush the namecache and requery DNS including the sitename" Implement the flushing of the #1C entries for a given NetBIOS name/realm when looking up the site value. Jeremy. (This used to be commit b2d1e44f59d32c91b1d48eacd1a158ba7b65762d)
2007-10-10r17945: Store the server and client sitenames in the ADSJeremy Allison1-2/+2
struct so we can see when they match - only create the ugly krb5 hack when they do. Jeremy. (This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
2007-10-10r17943: The horror, the horror. Add KDC site support byJeremy Allison1-7/+20
writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
2007-10-10r17933: Don't print a NULL sitename.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 2829dbc3e01d967887e25d1bcacb1d538fc11e59)
2007-10-10r17929: Ok, I think I finally figured out where to putJeremy Allison1-12/+42
the code to redo the CLDAP query to restrict DC DNS lookups to the sitename. Jerry, please check to stop me going insane :-). Jeremy. (This used to be commit 8d22cc111579c57aec65be8884b41564b79b133a)
2007-10-10r17881: Another microstep towards better error reporting: Make ↵Volker Lendecke1-1/+2
get_sorted_dc_list return NTSTATUS. If we want to differentiate different name resolution problems we might want to introduce yet another error class for Samba-internal errors. Things like no route to host to the WINS server, a DNS server explicitly said host not found etc might be worth passing up. Because we can not stash everything into the existing NT_STATUS codes, what about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP? Volker (This used to be commit 60a166f0347170dff38554bed46193ce1226c8c1)
2007-10-10r13310: first round of server affinity patches for winbindd & net ads joinGerald Carter1-28/+0
(This used to be commit 6c3480f9aecc061660ad5c06347b8f1d3e11a330)
2007-10-10r539: Mem leak fixes from kawasa_r@itg.hitachi.co.jpJeremy Allison1-1/+3
Jeremy. (This used to be commit 8fe47b0bf27a8ae690ab0fcff377c8fc12919f43)
2004-01-05Change our Domain controller lookup routines to more carefully seperateAndrew Bartlett1-16/+11
DNS names (realms) from NetBIOS domain names. Until now, we would experience delays as we broadcast lookups for DNS names onto the local network segments. Now if DNS comes back negative, we fall straight back to looking up the short name. Andrew Bartlett (This used to be commit 32397c8b01f1dec7b05140d210bb32f836a80ca6)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-1/+1
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-08-08fix 2 bugs:Gerald Carter1-3/+13
1) don't ask trusted DC's for a list of trusted domains. This causes us to treat non-transitive ones as if they were transitive. Not needed anyways 2) Fix dc lookup bug where we would always try to use DNS to resolve the DC's for a domain (even if it was a trusted NT4 domain). (This used to be commit 4d3acce5066d3adf53ee8fbaa627c42523b3cbc3)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-1/+1
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-30* cleanup more DC name resolution issues in check_*domain_security()Gerald Carter1-1/+70
* is_trusted_domain() is broken without winbind. Still working on this. * get_global_sam_name() should return the workgroup name unless we are a standalone server (verified by volker) * Get_Pwnam() should always fall back to the username (minus domain name) even if it is not our workgroup so that TRUSTEDOMAIN\user can logon if 'user' exists in the local list of accounts (on domain members w/o winbind) Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0 domain member not running winbindd. notes: make_user_info_map() is slightly broken now due to the fact that is_trusted_domain() only works with winbindd. disabled checks temporarily until I can sort this out. (This used to be commit e1d6094d066d4c16ab73075caba40a1ae6c56b1e)
2003-06-25large change:Gerald Carter1-146/+9
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-23* s/get_dc_name/rpc_dc_name/g (revert a previous change)Gerald Carter1-67/+9
* move back to qsort() for sorting IP address in get_dc_list() * remove dc_name_cache in cm_get_dc_name() since it slowed things down more than it helped. I've made a note of where to add in the negative connection cache in the ads code. Will come back to that. * fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead of MAX_ALLOWED) * only enumerate domain local groups in our domain * simplify ldap search for seqnum in winbindd's rpc backend (This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b)
2003-06-13Forward port the app-head changes for dc name cache into 3.0.Jeremy Allison1-17/+78
Jeremy. (This used to be commit 8bcc3116a22ce11b55a35f3363230f54bc5735fc)
2003-06-06merge from APP_HEAD. Push negative connection cacheGerald Carter1-7/+148
into rpc_find_dc(). Should probably be extended some more in 3.0 but this is what we have for the moment. (This used to be commit 0e23abf95cf7ba2d0a314a34bddb4d46de2a3cd1)
2002-12-12merge of get_dc_name()-like code from APP_HEAD; better support password ↵Gerald Carter1-0/+104
server = DC1 * (This used to be commit 6b18ca9511ddcf1718f222af3f61491d1e5f3b60)