CVS update: samba/source/nsswitch

Gerald (Jerry) Carter jerry at
Sat Jun 21 13:26:22 GMT 2003

Hash: SHA1

On 21 Jun 2003, Andrew Bartlett wrote:

>  - I'm worried about removing the 'server disabled' checks - what stops
> us beating on dead servers?

I can put them back in, but the 3.0 code seemed to have drifted
quite a bit.  I spoke with Tim and Jeremy about it can came to 
the conclusion the APP_HEAD was in a better state wrt to this 

You also need to qualify what you mean by dead.  We have name
a negative connection cache as well for fdealing with dead 
connections.  A lot of the code for dealing with RestrictAnonymous
DC's neede to know what the last returned error was.  Arbitrarly
returned server disabled causes problems here.  If the new code poses a 
problem, then we'll need to add in more checks rather than reverting this 

This code has been running well for several months now through a barrage 
of failover test.

>  - You didn't remove the old netlogon_unigroup code

Right.  Not yet at least.  On the source file is there.  It's 
not linked.

>  - Why is the cache in the form 'domain-name/rid'?  What's wrong with
> the full SID, as the netlogon unigroup code did?

You reading an old comment. 

>  - We need to use the parsed information in the PAC or else we are going
> to get *very* inconsistent results with clients who 'sometimes' use
> Kerberos.

like I said, this was only for the rpc backend.  The ads code 
will need more work.  The uni_group code didn't use the PAC 
information either.

cheers, jerry

Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see


More information about the samba-technical mailing list