svn commit: samba r13895 - branches/SAMBA_3_0/source/nsswitch
trunk/source/nsswitch
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sun Mar 12 14:58:49 GMT 2006
On Thu, Mar 09, 2006 at 05:14:59PM +0100, Guenther Deschner wrote:
> The interesting thing is that it *was* working (just verified with two NT4
> domains) and that it is *still* working after your patch. Apparently there
> is no extra work required to make a login with pam_winbind work using
> NTLM. Checking the krb5 case next.
>
> Still wondering...
Okay, I know how that could work. I have two domains,
WINDOWS and WIN2. WINDOWS trusts WIN2, I'm member of
WINDOWS. If I re-activate your patch and authenticate as
WIN2\vl, the request goes to the WIN2 domain child which
then opens a connection of its own to WINDOWS. I would
consider this as a bug. When designing the child model I had
one child per trusted domain in mind.
If I now log in alternating between WIN2\vl and WINDOWS\vl
this seems to break our credential chaining. The two winbind
children do another ReqChal/Auth2 for every auth request
which is a bit too much traffic.
So I'd like to keep WBFLAG_PAM_CONTACT_TRUSTDOM removed.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060312/a5317f90/attachment.bin
More information about the samba-technical
mailing list