[PATCH] Re: Fix up NET-API-BECOME-DC and repl_meta_data

Andrew Bartlett abartlet at samba.org
Tue Jan 22 11:42:07 GMT 2008


On Tue, 2008-01-22 at 12:16 +0100, Stefan (metze) Metzmacher wrote:
> Andrew,
> 
> please commit this in small pieces using 'git add -i'
> and check with 'git diff --cached' what is selected for the next
> commit.

> 
> >> diff --git a/source/libnet/libnet_become_dc.c b/source/libnet/libnet_become_dc.c
> >> index 862631f..c9185c7 100644
> >> --- a/source/libnet/libnet_become_dc.c
> >> +++ b/source/libnet/libnet_become_dc.c
> >> @@ -1514,10 +1514,10 @@ static void becomeDC_drsuapi_connect_send(struct libnet_BecomeDC_state *s,
> >>  
> >>  	if (!drsuapi->binding) {
> >>  		if (lp_parm_bool(s->libnet->lp_ctx, NULL, "become_dc", "print", false)) {
> >> -			binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[krb5,print,seal]", s->source_dsa.dns_name);
> >> +			binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[print,seal]", s->source_dsa.dns_name);
> >>  			if (composite_nomem(binding_str, c)) return;
> >>  		} else {
> >> -			binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[krb5,seal]", s->source_dsa.dns_name);
> >> +			binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[seal]", s->source_dsa.dns_name);
> >>  			if (composite_nomem(binding_str, c)) return;
> >>  		}
> >>  		c->status = dcerpc_parse_binding(s, binding_str, &drsuapi->binding);
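
Review bot: both `talloc_asprintf` calls drop `krb5` from the binding string unconditionally, so the DRSUAPI connection to `s->source_dsa.dns_name` stops requesting Kerberos explicitly for every caller, not only for one that chose to disable it. Consider keeping `krb5` as the default and omitting it only when the credentials indicate Kerberos is turned off, and add a comment above the `if (!drsuapi->binding)` block stating why the mechanism is left to negotiation. The two branches now differ only in `print`, so the format string could be built once with the option list selected separately.
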
> 
> Is this change really needed?
> We should really use krb5.

For some reason I was having trouble with krb5, so I disabled it on the
command line with -kno.  I had to change this to allow that to be
honoured. 

I think the correct place to handle this setting is in the credentials
subsystem (which reads the -kyes or -kno from the command line). 

We try SPNEGO first, then NTLMSSP as a fallback in the RPC connection
code.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.