samba - Sep 2008 - [SOLVED] Howto auth against an NT domain I don't control?

After many more hours of searching, I found someone else in the exact same
situation as me.  But even better, he figured it out and posted a patch!

http://lists.samba.org/archive/samba-technical/2008-February/057829.html

Thank you Claude!

-- 
http://theamigo.blogspot.com

> After many more hours of searching, I found someone else in the exact same
> situation as me.
Not only him.  I also had the same problem, but applied a simpler patch. 
  The client has already sent what it wants you to use, so just use it. 
  I can't see why you wouldn't want to do so.  You have already decided 
to trust a Windows authentication server, so why not send it the domain 
that the client has asked you to?  If the credentials as duff then the 
Windows server will say so.  To replace the domain name with one which 
has absolutely *nothing* to do with the client, and hence makes the 
authentication bound to fail, unless it happens to be the default domain 
of the DC, seems completely wrong to me.

This was what I used:

==================--- auth_util.c.orig    Wed May 28 13:41:11 2008
+++ auth_util.c Fri Jun  6 10:43:03 2008
@@ -173,7 +173,11 @@
            and let the "passdb backend" handle unknown users. */

         if ( !is_trusted_domain(domain) && !strequal(domain, 
get_global_sam_name()) )
+       {
+/* XXX - Leave alone if SEC_SERVER */
+               if ( lp_security() != SEC_SERVER )
                 domain = my_sam_name();
+       }

         /* we know that it is a trusted domain (and we are allowing 
them) or it is our domain */

=================
The original report, and reply, is at:

http://fixunix.com/samba/381697-samba-using-windows-dc-security-server-mode.html

How does one go about getting this fixed in the Samba code base?