[PATCH] Re: Fix up NET-API-BECOME-DC and repl_meta_data

Stefan (metze) Metzmacher metze at samba.org
Tue Jan 22 11:45:15 GMT 2008


Andrew Bartlett wrote:
> On Tue, 2008-01-22 at 12:16 +0100, Stefan (metze) Metzmacher wrote:
>> Andrew,
>>
>> please commit this in small pieces using 'git add -i'
>> and check with 'git diff --cached' what is selected for the next
>> commit.
> 
>>>> diff --git a/source/libnet/libnet_become_dc.c b/source/libnet/libnet_become_dc.c
>>>> index 862631f..c9185c7 100644
>>>> --- a/source/libnet/libnet_become_dc.c
>>>> +++ b/source/libnet/libnet_become_dc.c
>>>> @@ -1514,10 +1514,10 @@ static void becomeDC_drsuapi_connect_send(struct libnet_BecomeDC_state *s,
>>>>  
>>>>  	if (!drsuapi->binding) {
>>>>  		if (lp_parm_bool(s->libnet->lp_ctx, NULL, "become_dc", "print", false)) {
>>>> -			binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[krb5,print,seal]", s->source_dsa.dns_name);
>>>> +			binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[print,seal]", s->source_dsa.dns_name);
>>>>  			if (composite_nomem(binding_str, c)) return;
>>>>  		} else {
>>>> -			binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[krb5,seal]", s->source_dsa.dns_name);
>>>> +			binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[seal]", s->source_dsa.dns_name);
>>>>  			if (composite_nomem(binding_str, c)) return;
>>>>  		}
>>>>  		c->status = dcerpc_parse_binding(s, binding_str, &drsuapi->binding);
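Review bot: Both talloc_asprintf() calls in this hunk drop "krb5" from the binding flags unconditionally, so every caller of becomeDC_drsuapi_connect_send() loses the explicit Kerberos request, not only one that disabled it on the command line. With just "[seal]" or "[print,seal]" the mechanism choice is left to the RPC connection code, which per this thread tries SPNEGO first and then NTLMSSP as a fallback, so the DRSUAPI bind can end up on NTLMSSP where it previously required krb5. Consider keeping "krb5" as the default and omitting it only when the credentials attached to s->libnet report that Kerberos was turned off, with a comment next to the format strings explaining why the flag is conditional. The two branches also differ only in the "print" flag, so the flag list could be assembled once rather than maintained in two nearly identical strings.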
>> Is this change really needed?
>> We should really use krb5.
> 
> For some reason I was having trouble with krb5, so I disabled it on the
> command line with -kno.  I had to change this to allow that to be
> honoured. 
> 
> I think the correct place to handle this setting is in the credentials
> subsystem (which reads the -kyes or -kno from the command line). 
> 
> We try SPNEGO first, then NTLMSSP as a fallback in the RPC connection
> code.

The reason I added this was that I wanted to do the same as Windows
and Windows uses the krb5 rpc auth mech (16) and not spnego.

metze
