CVS update: samba/source/nsswitch
mbp at samba.org
mbp at samba.org
Tue Jan 21 12:37:48 EST 2003
Date: Tue Jan 21 12:37:48 2003
Author: mbp
Update of /data/cvs/samba/source/nsswitch
In directory dp.samba.org:/tmp/cvs-serv31650/nsswitch
Modified Files:
Tag: APPLIANCE_HEAD
winbindd_cache.c
Log Message:
hp CR1501 and friends
This patch tries to make winbindd cope with the security option
'restrict anonymous=1' on NT4 and W2kS. When this option is set, the
DC disallows SAMR calls on unauthenticated connections, but does allow
LSA translations between names and sids.
Obviously winbindd can't be fully functional in this case, but it
ought to be able to still do these operations -- in particular, with
this patch "wbinfo -n" works, while it does not work without it.
I'm not sure this is right yet but I'd appreciate comments. If this
is correct, I think it ought to be ported to HEAD and 3.0 as well.
It seems to work for me. As Tim suggested I used both built in
(Administrator) and otherwise (jrhacker) SIDs for testing.
This partially reverts the "cached failure" case, and possibly causes
winbindd to hammer on dcs that just don't want to talk to it. You can
imagine a more detailed fix that specifically detects the "ra=1" case
and handles it by using only LSA. From what I know, it doesn't seem
specifically handling that, though perhaps it would be so in HEAD.
Thanks to Tim for patient help.
Revisions:
winbindd_cache.c 1.5.2.8 => 1.5.2.9
http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/winbindd_cache.c?r1=1.5.2.8&r2=1.5.2.9
More information about the samba-cvs
mailing list