Get us a little closer to Windows LSA semantics.

A windows DC does not reply to DCNAME\\Administrator, only to
DOMAIN\\Administrator. Fix that.

Without winbind we are wrong as domain members, we should forward the request
DOMAIN\\Username to the DC on behalf of the asking client. Winbind fixes that
nicely.

Volker

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 82522d047ae910ac5b43b72ba04a9090e49eac7e..8a36ac02bb036bc80b71db7ca22e2be6502edb88 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -154,6 +154,7 @@ o   Volker Lendecke <vl@samba.org>
     * Implement 'net groupmap set' and 'net groupmap cleanup'.
     * Add 'net rpc group [add|del]mem' for domain groups and aliases.
     * Fix wb_delgrpmem (wbinfo -o)
+    * As a DC we should not reply to lsalookupnames on DCNAME\\user
 
 
 o   Herb Lewis <herb@samba.org>

diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c
index 425c9b87f10d2a9ef435961c2c62a6828de4e2c5..83d2cd28ac67d0c59398d28a40fda7ca8d7306d5 100644 (file)
--- a/source/passdb/lookup_sid.c
+++ b/source/passdb/lookup_sid.c
@@ -36,16 +36,7 @@ BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_N
        /* If we are looking up a domain user, make sure it is
           for the local machine only */
        
-       if (strequal(global_myname(), domain)) {
-               local_lookup = True;
-       } else if (lp_server_role() == ROLE_DOMAIN_PDC || 
-                  lp_server_role() == ROLE_DOMAIN_BDC) {
-               if (strequal(domain, lp_workgroup())) {
-                       local_lookup = True;
-               }
-       }
-               
-       if (local_lookup) {
+       if (strequal(domain, get_global_sam_name())) {
                if (local_lookup_name(name, psid, name_type)) {
                        DEBUG(10,
                              ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %s: %u)\n",