Rev 661: Ensure that no matter what state winbind is in we can
still ssh into in http://samba.org/~tridge/3_0-ctdb
tridge at samba.org
tridge at samba.org
Wed Oct 31 06:26:59 GMT 2007
------------------------------------------------------------
revno: 661
revision-id: tridge at samba.org-20071031062327-v40fp5myh9ckjtws
parent: tridge at samba.org-20071029232002-drei13akap50byai
committer: Andrew Tridgell <tridge at samba.org>
branch nick: s3-ctdb-tridge
timestamp: Wed 2007-10-31 17:23:27 +1100
message:
Ensure that no matter what state winbind is in we can still ssh into
the cluster as root. This really matters for clustered Samba as
winbind can block while the node is in a 'banned' state. We need to be
able to get into the cluster nodes for admin purposes.
This is even more important when using the GPFS filesystem. GPFS uses
ssh internally for some monitoring (ssh to localhost) and if ssh
blocks then some common admin tasks (like mmlsnsd -m) can fail.
modified:
source/nsswitch/winbind_nss_linux.c winbind_nss_linux.c-20070210173807-1wjifrbwaz6xnmgl-729
=== modified file 'source/nsswitch/winbind_nss_linux.c'
--- a/source/nsswitch/winbind_nss_linux.c 2007-02-16 21:38:29 +0000
+++ b/source/nsswitch/winbind_nss_linux.c 2007-10-31 06:23:27 +0000
@@ -931,6 +931,14 @@
user, group);
#endif
+ if (strcmp(user, "root") == 0) {
+ /* as a special case, don't return groups for
+ 'root'. This ensures that no matter what state
+ winbind is in, we can still ssh into the host as
+ root. */
+ return NSS_STATUS_NOTFOUND;
+ }
+
ZERO_STRUCT(request);
ZERO_STRUCT(response);
More information about the samba-cvs
mailing list