author | Alexander Bokovoy <ab@samba.org> | 2018-02-24 14:34:44 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-07-31 12:36:25 +0200 |
commit | 0b3e00a622ce5af3acf9cba936b6993123955002 (patch) | |
tree | 7def53430db4472633a75e84a142c5b0101cabd5 /python | |
parent | a3c26b35d6839d6aabcc8c862200270b11d2b22c (diff) | |
samba-tool trust: support discovery via netr_GetDcName
In case a remote DC does not support netr_DsRGetDCNameEx2(),
use netr_GetDcName() instead.
This should help with FreeIPA where embedded smbd runs as a domain
controller but does not implement full Active Directory compatibility.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13538
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Jul 24 09:55:23 CEST 2018 on sn-devel-144
(cherry picked from commit c390728819e73cefbf02e0d52d22805930f4c45b)
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/netcmd/domain.py | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index 86249073652..1d34d0620eb 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -1869,6 +1869,15 @@ class DomainTrustCommand(Command): return (policy, info) + def get_netlogon_dc_unc(self, conn, server, domain): + try: + info = conn.netr_DsRGetDCNameEx2(server, + None, 0, None, None, None, + netlogon.DS_RETURN_DNS_NAME) + return info.dc_unc + except RuntimeError: + return conn.netr_GetDcName(server, domain) + def get_netlogon_dc_info(self, conn, server): info = conn.netr_DsRGetDCNameEx2(server, None, 0, None, None, None, @@ -2502,7 +2511,8 @@ class cmd_domain_trust_create(DomainTrustCommand): raise self.RemoteRuntimeError(self, error, "failed to connect netlogon server") try: - remote_netlogon_info = self.get_netlogon_dc_info(remote_netlogon, remote_server) + remote_netlogon_dc_unc = self.get_netlogon_dc_unc(remote_netlogon, + remote_server, domain) except RuntimeError as error: raise self.RemoteRuntimeError(self, error, "failed to get netlogon dc info") @@ -2652,9 +2662,9 @@ class cmd_domain_trust_create(DomainTrustCommand): # this triggers netr_GetForestTrustInformation to our domain. # and lsaRSetForestTrustInformation() remotely, but new top level # names are disabled by default. - remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_info.dc_unc, - local_lsa_info.dns_domain.string, - netlogon.DS_GFTI_UPDATE_TDO) + remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_dc_unc, + local_lsa_info.dns_domain.string, + netlogon.DS_GFTI_UPDATE_TDO) except RuntimeError as error: raise self.RemoteRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed") 
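Review bot: The `except RuntimeError:` in the new `get_netlogon_dc_unc` falls back to `netr_GetDcName()` on every failure of `netr_DsRGetDCNameEx2()`, not only when the remote DC lacks the call, so an access-denied or transport error is discarded and the caller in the `@@ -2502` hunk can only report the second failure. Consider binding the exception (`except RuntimeError as error:`) and re-raising unless its status code is the one a server returns for an unimplemented operation. The two paths are also not equivalent: the first requests `netlogon.DS_RETURN_DNS_NAME`, while the legacy call presumably returns a NetBIOS-style name, and that server-supplied value is then passed unchanged to `netr_DsRGetForestTrustInformation` and `netr_LogonControl2Ex` in the `@@ -2652` and `@@ -2705` hunks. A comment such as `# Legacy fallback for DCs without netr_DsRGetDCNameEx2 (e.g. FreeIPA smbd); the result is server-supplied and may not be a DNS name`, plus a one-line docstring, would make the downgrade visible to the next reader.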
@@ -2705,10 +2715,10 @@ class cmd_domain_trust_create(DomainTrustCommand): if remote_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND: self.outf.write("Validating incoming trust...\n") try: - remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_info.dc_unc, - netlogon.NETLOGON_CONTROL_TC_VERIFY, - 2, - local_lsa_info.dns_domain.string) + remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_dc_unc, + netlogon.NETLOGON_CONTROL_TC_VERIFY, + 2, + local_lsa_info.dns_domain.string) except RuntimeError as error: raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed") |