diff options
author | Alexander Bokovoy <ab@samba.org> | 2018-02-24 14:34:44 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-08-13 12:56:35 +0200 |
commit | 04a8995fd0b8fe4f9ab59e91b51b0d9bdf1a04c4 (patch) | |
tree | 9248ded4c1ad1d98f84ac55843b90dd976cdd488 /python | |
parent | 4b3ac377a6e8aed03a8e8c478768a32bf6b78fba (diff) | |
download | samba-04a8995fd0b8fe4f9ab59e91b51b0d9bdf1a04c4.tar.gz |
samba-tool trust: support discovery via netr_GetDcName
In case a remote DC does not support netr_DsRGetDCNameEx2(),
use netr_GetDcName() instead.
This should help with FreeIPA where embedded smbd runs as a domain
controller but does not implement full Active Directory compatibility.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13538
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Jul 24 09:55:23 CEST 2018 on sn-devel-144
(cherry picked from commit c390728819e73cefbf02e0d52d22805930f4c45b)
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/netcmd/domain.py | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index 2cb14f150ec..38c800c711b 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -1824,6 +1824,15 @@ class DomainTrustCommand(Command): return (policy, info) + def get_netlogon_dc_unc(self, conn, server, domain): + try: + info = conn.netr_DsRGetDCNameEx2(server, + None, 0, None, None, None, + netlogon.DS_RETURN_DNS_NAME) + return info.dc_unc + except RuntimeError: + return conn.netr_GetDcName(server, domain) + def get_netlogon_dc_info(self, conn, server): info = conn.netr_DsRGetDCNameEx2(server, None, 0, None, None, None, @@ -2458,7 +2467,8 @@ class cmd_domain_trust_create(DomainTrustCommand): raise self.RemoteRuntimeError(self, error, "failed to connect netlogon server") try: - remote_netlogon_info = self.get_netlogon_dc_info(remote_netlogon, remote_server) + remote_netlogon_dc_unc = self.get_netlogon_dc_unc(remote_netlogon, + remote_server, domain) except RuntimeError as error: raise self.RemoteRuntimeError(self, error, "failed to get netlogon dc info") @@ -2608,9 +2618,9 @@ class cmd_domain_trust_create(DomainTrustCommand): # this triggers netr_GetForestTrustInformation to our domain. # and lsaRSetForestTrustInformation() remotely, but new top level # names are disabled by default. - remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_info.dc_unc, - local_lsa_info.dns_domain.string, - netlogon.DS_GFTI_UPDATE_TDO) + remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_dc_unc, + local_lsa_info.dns_domain.string, + netlogon.DS_GFTI_UPDATE_TDO) except RuntimeError as error: raise self.RemoteRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed") @@ -2661,10 +2671,10 @@ class cmd_domain_trust_create(DomainTrustCommand): if remote_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND: self.outf.write("Validating incoming trust...\n") try: - remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_info.dc_unc, - netlogon.NETLOGON_CONTROL_TC_VERIFY, - 2, - local_lsa_info.dns_domain.string) + remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_dc_unc, + netlogon.NETLOGON_CONTROL_TC_VERIFY, + 2, + local_lsa_info.dns_domain.string) except RuntimeError as error: raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed") |