a way to disable ADS in winbind in samba3
tridge at samba.org
tridge at samba.org
Mon May 28 09:47:14 GMT 2007
I've sometimes come across sites where a w2k or w2k3 DC is in use but
ADS is totally broken. It used to be that in a pinch you could use rpc
instead, but now winbind insists on working out for itself if ADS is
supported and using ADS anyway. Unfortunately sometimes this doesn't
work, and ADS is just too badly broken on the DC to work. Windows
clients cope with this, but winbind doesn't.
It would be great to improve the auto-detection, but I'd also like to
suggest the following override:
--- source/nsswitch/winbindd_cm.c 2007-04-11 15:41:35 +0000
+++ source/nsswitch/winbindd_cm.c 2007-05-22 05:50:36 +0000
@@ -1641,6 +1641,15 @@
DEBUG(5,("set_dc_type_and_flags: domain %s is %srunning active directory.\n",
domain->name, domain->active_directory ? "" : "NOT "));
+ /* allow override for using ads - a last ditch approach for domain controllers
+ that are terminally broken */
+ if (domain->active_directory &&
+ !lp_parm_bool(-1, "winbind", "ads", True)) {
+ domain->active_directory = False;
+ domain->native_mode = False;
+ DEBUG(0,("Overriding active directory detecting - disabling ADS\n"));
+ }
+
so when you are pulling your hair out and can't get an admin to fix a
broken DC, you can at least get something working by setting
"winbind:ads = no" as a last desperate measure.
The world is full of broken DCs. We need a way to work with them, sad
as that may be.
Cheers, Tridge
More information about the samba-technical
mailing list