r16256: sync up to r16255 from SAMBA_3_0

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 9ef2c133e7450d14c49cfd2f048d72a8b78b6682..8095d0b4d4572aeea5f125a02ef289e4a3c13eb8 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -36,6 +36,8 @@ o   Jeremy Allison <jra@samba.org>
 
 o   Gerald (Jerry) Carter <jerry@samba.org>
     * Fix 'make install' problem when building outside source/.
+    * Fix 'net ads join' when the workgroup is set incorrectly in 
+      smb.conf.
 
 
 o   Guenther Deschner <gd@samba.org>

diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index 11eb21df446effcbee6d2a5766a7cc5596062083..467e652ca991a45b3e27f6aaf61cb878d87c6874 100644 (file)
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -2446,15 +2446,18 @@ struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
                return NULL;
        }
 
+       /* A DC should use DOMAIN$ as its account name.
+          A member server can only use it's machine name since it
+          does not have an account in a trusted domain.
+
+          We don't check the domain against lp_workgroup() here since
+          'net ads join' has to continue to work with only the realm
+          specified in smb.conf.  -- jerry */
+
         if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
                fstrcpy( machine_account, lp_workgroup() );
         } else {
-                /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
-                if (strequal(domain, lp_workgroup())) {
-                        fstrcpy(machine_account, global_myname());
-                } else {
-                        fstrcpy(machine_account, domain);
-                }
+               fstrcpy(machine_account, global_myname());
         }
 
        *perr = rpccli_netlogon_setup_creds(netlogon_pipe,
@@ -2716,9 +2719,9 @@ struct rpc_pipe_client *cli_rpc_pipe_open_krb5(struct cli_state *cli,
                return NULL;
        }
 
-       /* Default service principal is "host/server@realm" */
+       /* Default service principal is "desthost$@realm" */
        if (!service_princ) {
-               service_princ = talloc_asprintf(result->mem_ctx, "host/%s@%s",
+               service_princ = talloc_asprintf(result->mem_ctx, "%s$@%s",
                        cli->desthost, lp_realm() );
                if (!service_princ) {
                        cli_rpc_pipe_close(result);

diff --git a/source/utils/pdbedit.c b/source/utils/pdbedit.c
index 7d95d15bf27b9ea9c0aace752d56089a9d6f90ec..0a6fb7e8bec82fd0020b86e8bf0f3c0a9543a30d 100644 (file)
--- a/source/utils/pdbedit.c
+++ b/source/utils/pdbedit.c
@@ -628,6 +628,11 @@ static int new_machine (struct pdb_methods *in, const char *machine_in)
        
        get_global_sam_sid();
 
+       if (strlen(machine_in) == 0) {
+               fprintf(stderr, "No machine name given\n");
+               return -1;
+       }
+
        fstrcpy(machinename, machine_in); 
        machinename[15]= '\0';
 
@@ -708,6 +713,11 @@ static int delete_machine_entry (struct pdb_methods *in, const char *machinename
 {
        fstring name;
        struct samu *samaccount = NULL;
+
+       if (strlen(machinename) == 0) {
+               fprintf(stderr, "No machine name given\n");
+               return -1;
+       }
        
        fstrcpy(name, machinename);
        name[15] = '\0';