Status on 'don't talk to everybody' in winbindd
Volker.Lendecke at SerNet.DE
Volker.Lendecke at SerNet.DE
Sat Jul 24 07:11:12 GMT 2004
Hi, Andrew!
On Sat, Jul 24, 2004 at 10:27:15AM +1000, Andrew Bartlett wrote:
> For example, for every rescan_trusted_domains(), we still go and ask
> each trusted domain for it's domain sid, an operation that is not
> cached. (Unless our primary DC gave us the SID in the list of trusted
> domains reply).
Hmmm. In the cases I have the DC always gave me the SID. Can that happen at
all? Our DC needs to know the SID anyway for forwarded sid2name calls.
> My memory tells me that the plan was to only ask our primary domain the
> name->SID questions, including that of trusted domains - what happened
> to that? (I see that we always use MSRPC for that connection, which is
> a very good start however).
See winbindd_util.c:499. Here winbind calls find_lookup_domain_from_sid
instead of find_domain_from_sid. We can't unconditionally call
find_our_domain_from_sid as we might be a DC, and then it is winbind who has to
call out itself.
> I would certainly like to work with you on that at the CIFS conference,
> if not before.
Where exactly do you see problems? In the environments I see it seems to work
fine.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20040724/1072a4f0/attachment.bin
More information about the samba-technical
mailing list