NT4 domain, NETLOGON failure detection

Andrew Bartlett abartlet at samba.org
Mon Jul 9 04:18:59 GMT 2007

On Mon, 2007-07-09 at 10:59 +0800, boyang wrote:
> catch netlogon failure upon user login or session setup(when access
> samba shares):
> 1. in pam_winbind.c, when return err code is related to netlogon, 
> resend request expecting to find one fully functional domain controller,
> which is used for netlogon failure detection when user login.
> 2. in wb_common.c, retry several times expecting to find one fully
> operational domain controller, which is used for netlogon failure
> detection when user access samba shares

Why can't the winbind server side do this?  I don't think this belongs
in the client lib.

> 3. in winbindd_pam.c, detect netlogon failure when try to connect to
> netlogon pipe, and force winbind to find another fully operational
> domain controller
> 4. In case of winbindd is not available, ntdomain authentication method
> is used, thus add netlogon failure detection in auth_ntdomain.c too.

Given how critical winbind is to getting this right, I think it's more
important to just use winbind all the time.  Perhaps we should document
that more?

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070709/b154e1f6/attachment.bin

More information about the samba-technical mailing list