winbindd_schanel.patch
Andrew Bartlett
abartlet at samba.org
Sat Feb 21 03:13:12 GMT 2004
On Sat, 2004-02-21 at 02:17, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Tridge,
>
> I'm going to check this into 3.0/head unless you are still
> working on it. My tests ran ok and we should get some
> more extensive testing before thej next release.
>
> If I don't hear back in a day, i'll assume its ok.
If we made the scannel setup based on new_conn->domain, then we open up
an option for some particular 'fun & games' that might get some sites
out of trouble:
That is, we *can* do schannel to DCs that are not in our primary domain,
if we have done a join to those domains. We will only use that account
for schannel, we will not be 'joined' to it for other purposes.
Otherwise, this patch looks good to me. I'm honestly surprised it
works, but there seems to be something different between winbind's
operation and the failure modes I was seeing with rpccleint when I
tested it months ago.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040221/76863272/attachment.bin
More information about the samba-technical
mailing list