CVS update: samba/source/nsswitch

Andrew Bartlett abartlet at
Sun Jun 22 03:02:08 GMT 2003

On Sat, 2003-06-21 at 23:26, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> On 21 Jun 2003, Andrew Bartlett wrote:
> >  - I'm worried about removing the 'server disabled' checks - what stops
> > us beating on dead servers?
> I can put them back in, but the 3.0 code seemed to have drifted
> quite a bit.  I spoke with Tim and Jeremy about it can came to 
> the conclusion the APP_HEAD was in a better state wrt to this 
> feature.
> You also need to qualify what you mean by dead.  We have name
> a negative connection cache as well for fdealing with dead 
> connections.  A lot of the code for dealing with RestrictAnonymous
> DC's neede to know what the last returned error was.  Arbitrarly
> returned server disabled causes problems here.  If the new code poses a 
> problem, then we'll need to add in more checks rather than reverting this 
> change.

Yes, but 3.0 does ADS connections - those servers won't be affected by a
negative netbios name cache.  (And yes, I've seen that code improving
very nicely over the last little bit).

> This code has been running well for several months now through a barrage 
> of failover test.

Including ADS failover?

> >  - We need to use the parsed information in the PAC or else we are going
> > to get *very* inconsistent results with clients who 'sometimes' use
> > Kerberos.
> like I said, this was only for the rpc backend.  The ads code 
> will need more work.  The uni_group code didn't use the PAC 
> information either.

Just watch out, we can mix the RPC backend with kerberos logins under
some strange situations.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list