responses to UDP samquery go back to SERVER<00> not DOMAIN<1c>, the

request name.

modified createuser rpcclient command to examine name being added.  if it
ends in a $, assume that a workstation trust account is being added.

source/nmbd/nmbd_packets.c

@@ -1864,7 +1864,7 @@ BOOL send_mailslot(BOOL unique, char *mailslot,char *buf,int len,
 
   /* DIRECT GROUP or UNIQUE datagram. */
   dgram->header.msg_type = unique ? 0x10 : 0x11; 
-  dgram->header.flags.node_type = M_NODE;
+  dgram->header.flags.node_type = M_NODE | 0x40;
   dgram->header.flags.first = True;
   dgram->header.flags.more = False;
   dgram->header.dgm_id = name_trn_id;

source/nmbd/nmbd_processlogon.c

@@ -166,10 +166,10 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
 
       send_mailslot(True, getdc,
                   outbuf,PTR_DIFF(q,outbuf),
-                  dgram->dest_name.name,
-                  dgram->dest_name.name_type,
-                  dgram->source_name.name,
-                  dgram->source_name.name_type,
+                  my_name,
+                  0x0,
+                    dgram->source_name.name,
+                    dgram->source_name.name_type,
                   p->ip, *iface_ip(p->ip), p->port);  
       return;
     }
@@ -258,10 +258,10 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
 
       send_mailslot(True, getdc,
                    outbuf,PTR_DIFF(q,outbuf),
-                   dgram->dest_name.name,
-                   dgram->dest_name.name_type,
-                   dgram->source_name.name,
-                   dgram->source_name.name_type,
+                  my_name,
+                  0x0,
+                    dgram->source_name.name,
+                    dgram->source_name.name_type,
                    p->ip, *iface_ip(p->ip), p->port);  
       break;
     }

source/rpc_server/srv_samr.c

@@ -2750,8 +2750,9 @@ static void samr_reply_create_user(SAMR_Q_CREATE_USER *q_u,
 	SAMR_R_CREATE_USER r_u;
 	POLICY_HND pol;
 	uint32 status = 0x0;
-	uint32 user_rid = 0xffffffff;
+	uint32 user_rid = 0x0;
 	BOOL pol_open = False;
+	uint32 unk_0 = 0x30;
 
 	/* find the machine account: tell the caller if it exists.
 	   lkclXXXX i have *no* idea if this is a problem or not
@@ -2786,7 +2787,7 @@ static void samr_reply_create_user(SAMR_Q_CREATE_USER *q_u,
 		pstring msg_str;
 
 		if (!local_password_change(user_name, True,
-		          q_u->acb_info | ACB_DISABLED, 0xffff,
+		          q_u->acb_info | ACB_DISABLED | ACB_PWNOTREQ, 0xffff,
 		          NULL,
 		          err_str, sizeof(err_str),
 		          msg_str, sizeof(msg_str)))
@@ -2805,6 +2806,7 @@ static void samr_reply_create_user(SAMR_Q_CREATE_USER *q_u,
 			else
 			{
 				user_rid = sam_pass->user_rid;
+				unk_0 = 0x000703ff;
 			}
 		}
 	}
@@ -2823,7 +2825,7 @@ static void samr_reply_create_user(SAMR_Q_CREATE_USER *q_u,
 
 	DEBUG(5,("samr_create_user: %d\n", __LINE__));
 
-	make_samr_r_create_user(&r_u, &pol, 0x000703ff, user_rid, status);
+	make_samr_r_create_user(&r_u, &pol, unk_0, user_rid, status);
 
 	/* store the response in the SMB stream */
 	samr_io_r_create_user("", &r_u, rdata, 0);

source/rpcclient/cmd_samr.c

@@ -1605,6 +1605,7 @@ void cmd_sam_create_dom_user(struct client_info *info)
 	uint32 user_rid; 
 	POLICY_HND sam_pol;
 	POLICY_HND pol_dom;
+	uint16 acb_info;
 
 	sid_copy(&sid1, &info->dom.level5_sid);
 	sid_to_string(sid, &sid1);
@@ -1631,7 +1632,14 @@ void cmd_sam_create_dom_user(struct client_info *info)
 		acct_desc[0] = 0;
 	}
 
-
+	if (acct_name[strlen(acct_name)-1] == '$')
+	{
+		acb_info = ACB_WSTRUST;
+	}
+	else
+	{
+		acb_info = ACB_NORMAL;
+	}
 	report(out_hnd, "SAM Create Domain User\n");
 	report(out_hnd, "Domain: %s Name: %s Description: %s\n",
 	                  domain, acct_name, acct_desc);
@@ -1652,7 +1660,7 @@ void cmd_sam_create_dom_user(struct client_info *info)
 	/* create a domain user */
 	res1 = res ? create_samr_domain_user(smb_cli, fnum, 
 				&pol_dom,
-	                        acct_name, ACB_NORMAL, &user_rid) : False;
+	                        acct_name, acb_info, &user_rid) : False;
 
 	res = res ? samr_close(smb_cli, fnum,
 	            &pol_dom) : False;