NT4 domain, NETLOGON failure detection
Andrew Bartlett
abartlet at samba.org
Mon Jul 9 04:18:59 GMT 2007
On Mon, 2007-07-09 at 10:59 +0800, boyang wrote:
> catch netlogon failure upon user login or session setup(when access
> samba shares):
> 1. in pam_winbind.c, when return err code is related to netlogon,
> resend request expecting to find one fully functional domain controller,
> which is used for netlogon failure detection when user login.
>
> 2. in wb_common.c, retry several times expecting to find one fully
> operational domain controller, which is used for netlogon failure
> detection when user access samba shares
Why can't the winbind server side do this? I don't think this belongs
in the client lib.
> 3. in winbindd_pam.c, detect netlogon failure when try to connect to
> netlogon pipe, and force winbind to find another fully operational
> domain controller
> 4. In case of winbindd is not available, ntdomain authentication method
> is used, thus add netlogon failure detection in auth_ntdomain.c too.
Given how critical winbind is to getting this right, I think it's more
important to just use winbind all the time. Perhaps we should document
that more?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070709/b154e1f6/attachment.bin
More information about the samba-technical
mailing list