Status on 'don't talk to everybody' in winbindd

Volker.Lendecke at SerNet.DE
Sat Jul 24 07:11:12 GMT 2004

Hi, Andrew!

On Sat, Jul 24, 2004 at 10:27:15AM +1000, Andrew Bartlett wrote:
> For example, for every rescan_trusted_domains(), we still go and ask
> each trusted domain for its domain sid, an operation that is not
> cached.  (Unless our primary DC gave us the SID in the list of trusted
> domains reply).

Hmmm. In the cases I have the DC always gave me the SID. Can that happen at
all? Our DC needs to know the SID anyway for forwarded sid2name calls.

> My memory tells me that the plan was to only ask our primary domain the
> name->SID questions, including that of trusted domains - what happened
> to that?  (I see that we always use MSRPC for that connection, which is
> a very good start however).

See winbindd_util.c:499. Here winbind calls find_lookup_domain_from_sid
instead of find_domain_from_sid. We can't unconditionally call
find_our_domain_from_sid as we might be a DC, and then it is winbind who has to
call out itself.

> I would certainly like to work with you on that at the CIFS conference,
> if not before.

Where exactly do you see problems? In the environments I see it seems to work
