trustdom_cache when winbind is running?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Jun 3 14:23:58 GMT 2005
On Fri, Jun 03, 2005 at 09:00:33AM -0500, Gerald (Jerry) Carter wrote:
> Something can be broken in multiple ways. Broken
> in design or broken in function. The code works in
> function but may be broken in design. The setup you
> outlined wasn't part of the original requirements :-)
:-))
> The main reason IIRC for not querying winbindd was
> the fact that historically winbind blocked. But with your
> new implementation (and even later versions) this is not
> as much of a concern.
There's two points where we look at the trustdom cache:
During login. This very close to the is_trusted_domain call asks winbind
anyway, so here not much is gained.
In _net_logon_ctrl2 we also look whether that domain is trusted. I would
assume that this call is only issued if we're a DC and thus look at
secrets.tdb for this info. So another non-issue.
So there must be another reason for the trustdom cache with winbind around...
> So if you want to ping winbindd and ask if the domain is
> a trusted one, that sounds like a good idea to me.
> And then trustdom_cache is just used for smbd with no
> winbindd right ?
Yes, and we don't even need a new winbind call, WINBINDD_DOMAIN_INFO is
perfectly usable for this.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20050603/fa4f8209/attachment.bin
More information about the samba-technical
mailing list