svn commit: samba r10838 - in branches/SAMBA_4_0/source/winbind: .

Andrew Bartlett abartlet at samba.org
Sun Oct 9 09:51:31 GMT 2005 

On Sun, 2005-10-09 at 11:44 +0200, Volker Lendecke wrote:
> On Sun, Oct 09, 2005 at 07:03:42PM +1000, Andrew Bartlett wrote:
> 
> > My only worry is that we now have two ways we get the auth2'ed pipe:
> > Either in the librpc code or in winbindd.  Your approach nicely takes
> > advantage of the way I re-designed that area, however.
> 
> winbind needs to take care of finding DC's and keeping connections open to
> domain controllers anyway. Opening many persistent SMB connections to DC's is
> not an option, there might be *many* of them. I've seen an installation with
> 500 resource domains all trusting a single central user domain. Every resource
> domain was equipped with PDC and BDC, and the (older) winbinds on those opened
> 3-4 connections to the 2 central DC's each. That just killed the central
> DC's. This installation started the rpc redesign in Samba3. So in Samba4 I'd
> rather not make this mistake again and re-use SMB connections as much as I
> can.

The RPC-SCHANNEL test tries to share connections, using
dcerpc_secondary_connection().  It's a bit messy however.

> So I'd rather vote for winbind providing the services everybody needs via
> irpc than everybody opening connections himself.

This is certainly a worthwhile approach.

> > Examples of how to do a netlogon are in the RPC-SCHANNEL, RPC-SAMLOGON
> > and RPC-NETLOGON tests.  I personally really like the SamLogonEx call,
> > where we don't have to worry about the credentials chaining (but we need
> > to make Samba3 support it, and fallback...).
> 
> You know how I think about backwards compatibility. :-)

:-)

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051009/3cfcbf88/attachment.bin

More information about the samba-technical mailing list