winbind on PDC for trusted domains

Gerald (Jerry) Carter jerry at samba.org
Sat Jun 28 08:42:24 GMT 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 27 Jun 2003, Andrew Bartlett wrote:

> On Thu, 2003-06-26 at 19:57, Volker Lendecke wrote:
> > On Thu, Jun 26, 2003 at 11:55:24AM +0200, Volker Lendecke wrote:
> > > As winbindd has considerably changed lately, I had to tweak my little
> > > patch to make it work on a PDC a bit. Here is my latest version.
> > 
> > Ah, just that I'm not misunderstood:
> > 
> > This is completely work in progress.
> 
> And this patch is worse...
> 
> The attached patch attempts to call the auth subsystem from inside
> winbind, to prevent it from looping back to smbd (which will lock on
> contacting winbind).

Can I suggest that we just disable winbindd lookups for users that 
don't have the winbind separator in the name.  I think you guysa re making 
this too complicated.  I really don't think winbindd needs to be digging 
around in local accounts.  That really makes things messy from 
a code maintainance point of view.

The patch at http://samba.org/~jerry/winbind_on_pdc_v1.patch
works with the minor detail that I still have to code up the trustdomain
and winbind auth methods to produce a SAM_ACCOUNT.  This patch has been 
tested a fair amount.  I know basic SMB connection works.

Also note that there is a server mutex deadlock in the cvs code right
when using "auth methods = guest sam trustdomain" and trying to run
winbindd.  We should really only use "guest sam winbind" if winbindd is 
running and leave the trustdomain auth method for situations where the
usernames already match.




cheers, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop there."  
                            --John Cusack - "Grosse Point Blank" (1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+/VT0IR7qMdg1EfYRAkOmAJ9JTNzkprUzKIRrJzHezHIB2aa/4QCffzfp
9ssWQx/Me7+4T/oGbMg+joY=
=WpUD
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list