[PATCH] Re: Fix up NET-API-BECOME-DC and repl_meta_data
Andrew Bartlett
abartlet at samba.org
Tue Jan 22 11:42:07 GMT 2008
On Tue, 2008-01-22 at 12:16 +0100, Stefan (metze) Metzmacher wrote:
> Andrew,
>
> please commit this in small pieces using 'git add -i'
> and check with 'git diff --cached' what is selected for the next
> commit.
>
> >> diff --git a/source/libnet/libnet_become_dc.c b/source/libnet/libnet_become_dc.c
> >> index 862631f..c9185c7 100644
> >> --- a/source/libnet/libnet_become_dc.c
> >> +++ b/source/libnet/libnet_become_dc.c
> >> @@ -1514,10 +1514,10 @@ static void becomeDC_drsuapi_connect_send(struct libnet_BecomeDC_state *s,
> >>
> >> if (!drsuapi->binding) {
> >> if (lp_parm_bool(s->libnet->lp_ctx, NULL, "become_dc", "print", false)) {
> >> - binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[krb5,print,seal]", s->source_dsa.dns_name);
> >> + binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[print,seal]", s->source_dsa.dns_name);
> >> if (composite_nomem(binding_str, c)) return;
> >> } else {
> >> - binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[krb5,seal]", s->source_dsa.dns_name);
> >> + binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[seal]", s->source_dsa.dns_name);
> >> if (composite_nomem(binding_str, c)) return;
> >> }
> >> c->status = dcerpc_parse_binding(s, binding_str, &drsuapi->binding);
>
> Is this change really needed?
> We should really use krb5.
For some reason I was having trouble with krb5, so I disabled it on the
command line with -kno. I had to change this to allow that to be
honoured.
I think the correct place to handle this setting is in the credentials
subsystem (which reads the -kyes or -kno from the command line).
We try SPNEGO first, then NTLMSSP as a fallback in the RPC connection
code.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080122/2d97831b/attachment.bin
More information about the samba-technical
mailing list