Primary domain's status in winbindd child process is not
consistent with the parent winbindd process.
Bo Yang
boyang at novell.com
Mon Jun 2 08:15:15 GMT 2008
Hi, All:
Assume winbindd parent process is Pp, and domain A(primary domain) trusts domain B, child process for domain A and B is Pa and Pb respectively.
cached logon is enabled and kerberos login is disabled.
Pa, Pb will both be forked, and the primary domain's status in the two process is initialized and offline.
Some time later, Domain A(primary domain) and domain B both go online. Thus the status of primary domain is updated in Pp and Pa, but not in Pb.
So the status of primary domain in Pb is still offline and initialized. But domain B's status is online. And when PAM_AUTH request arrived, cached logon is not performed because domain B is online, Samlogon is performed. And Pb tries to connect to DC of primary domain(domain A) for pass through authentication. But domain A's status in Pb is always offline and initialized(never being updated), thus PAM_AUTH will always returns DOMAIN_CONTROLLER_NOT_FOUND error............
We should keep track of the status of primary domain in child winbindd process, I think.
Patch for 3-0-test and v3-2-test in the attachment.
Please review it.
Thanks!
BoYang
-------------- next part --------------
A non-text attachment was scrubbed...
Name: primary_domain_status_v3-0-test.diff
Type: application/octet-stream
Size: 1236 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080602/8f404dc3/primary_domain_status_v3-0-test.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: primary_domain_status_v3-2-test.diff
Type: application/octet-stream
Size: 1218 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080602/8f404dc3/primary_domain_status_v3-2-test.obj
More information about the samba-technical
mailing list