From b3b93aaa3f3aee9bc48edea4c00613b5f8fe9f73 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 7 Mar 2004 08:22:06 +0000 Subject: Get us a little closer to Windows LSA semantics. A windows DC does not reply to DCNAME\\Administrator, only to DOMAIN\\Administrator. Fix that. Without winbind we are wrong as domain members, we should forward the request DOMAIN\\Username to the DC on behalf of the asking client. Winbind fixes that nicely. Volker (This used to be commit 7ed61edbbedbdee25f750aa30c13479764aa1af2) --- WHATSNEW.txt | 1 + source3/passdb/lookup_sid.c | 11 +---------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 82522d047a..8a36ac02bb 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -154,6 +154,7 @@ o Volker Lendecke * Implement 'net groupmap set' and 'net groupmap cleanup'. * Add 'net rpc group [add|del]mem' for domain groups and aliases. * Fix wb_delgrpmem (wbinfo -o) + * As a DC we should not reply to lsalookupnames on DCNAME\\user o Herb Lewis diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 425c9b87f1..83d2cd28ac 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -36,16 +36,7 @@ BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_N /* If we are looking up a domain user, make sure it is for the local machine only */ - if (strequal(global_myname(), domain)) { - local_lookup = True; - } else if (lp_server_role() == ROLE_DOMAIN_PDC || - lp_server_role() == ROLE_DOMAIN_BDC) { - if (strequal(domain, lp_workgroup())) { - local_lookup = True; - } - } - - if (local_lookup) { + if (strequal(domain, get_global_sam_name())) { if (local_lookup_name(name, psid, name_type)) { DEBUG(10, ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %s: %u)\n", -- cgit
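Review bot: The context comment directly above the new condition still says the lookup is "for the local machine only", but the new test `strequal(domain, get_global_sam_name())` no longer compares against `global_myname()`; per the commit message, a DC now answers only for DOMAIN\user and not DCNAME\user. I would reword it to something like `/* Resolve locally only when the domain is our own SAM name: the domain on a DC, otherwise presumably the machine name. */`, so a later reader does not reinstate the machine-name match. The removed lines were the only visible writers and readers of `local_lookup`; its declaration lies outside the hunk, so it probably remains as an unused local and should be dropped in the same commit. The body of lookup_name continues outside the hunk, so what happens to names that fail this test (the winbind path the message mentions) cannot be checked from here.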