Here's a patch for net_ads.c that will allow the realm to be specified with -U, such as:
net ads join -U [EMAIL PROTECTED] This is for SAMBA_3_0 -- I presume it's very similar for HEAD. I noticed that net is getting this message: net in free(): warning: chunk is already free. It gets it with or without my patch, so something's being doubly-deallocated. Enjoy! Ken ________________________________ Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED] > -----Original Message----- > From: Andrew Bartlett [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 06, 2003 3:38 PM > To: Ken Cross > Cc: 'Multiple recipients of list SAMBA-TECHNICAL' > Subject: Re: Joining domains specifying auth realm > > > On Fri, 2003-03-07 at 03:44, Ken Cross wrote: > > Samba-folk: > > > > I've run into a problem that I'd like to throw open for a general > > solution. > > > > The problem is joining an Active Directory, say > AD1.COMPANY.COM, but > > specifying a different authentication realm for the > username/password, > > say AD2.COMPANY.COM. For instance, this currently fails: > > > > net ads join AD1 -U username%password > > > > No matter what is specified on the command line or smb.conf > (that I've > > found), it always tries to authenticate using > > "[EMAIL PROTECTED]". > > > > How should we allow an alternate authentication domain be specified? > > Maybe: > > > > net ads join AD1 -U [EMAIL PROTECTED] > > > > or > > > > net ads join AD1 -A AD2.COMPANY.COM -U username%password > > > > Or have I missed something fundamental? > > If you kinit first, it should 'just work', but if you want to > add the code so that we can login with -U > [EMAIL PROTECTED] then this would be much > appreciated! (To make it easy, just do it for kerberos logins) > > Andrew Bartlett > > -- > Andrew Bartlett [EMAIL PROTECTED] > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > Student Network Administrator, Hawker College [EMAIL PROTECTED] > http://samba.org http://build.samba.org http://hawkerc.net >
Index: net_ads.c =================================================================== RCS file: /cvsroot/samba/source/utils/net_ads.c,v retrieving revision 1.37.2.12 diff -p -u -r1.37.2.12 net_ads.c --- net_ads.c 24 Feb 2003 03:06:45 -0000 1.37.2.12 +++ net_ads.c 11 Mar 2003 14:56:28 -0000 @@ -122,6 +122,7 @@ static ADS_STRUCT *ads_startup(void) ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; + char *cp; ads = ads_init(NULL, NULL, opt_host); @@ -147,6 +148,16 @@ retry: ads->auth.user_name = strdup(opt_user_name); + /* + * If the username is of the form "[EMAIL PROTECTED]", + * extract the realm and convert to upper case. + */ + if (cp = strchr(ads->auth.user_name, '@')) { + *cp++ = '\0'; + ads->auth.realm = strdup(cp); + strupper(ads->auth.realm); + } + status = ads_connect(ads); if (!ADS_ERR_OK(status)) { if (!need_password && !second_time) {