A combined make test

Andrew Bartlett abartlet at samba.org
Sun Apr 17 15:47:31 MDT 2011

On Mon, 2011-04-18 at 07:34 +1000, Andrew Bartlett wrote:
> On Sat, 2011-04-16 at 15:58 +0200, Volker Lendecke wrote:
> > On Sat, Apr 16, 2011 at 08:08:13PM +1000, Andrew Bartlett wrote:
> > > The main issue I foresee is ensuring that Samba3 does not make any DNS
> > > lookups, and to constrain the LDAP and Kerberos traffic.  Kerberos
> > 
> > Attached find two patches which I use when testing net ads
> > join and winbind on a system with broken DNS. Maybe that
> > gets you a little step further towards that goal.


In case I didn't make it clear, I really appreciate the help.  These
kind of clues are really helpful and make a big difference when trying
to translate the real world into a synthetic test environment like 'make

> Out of interest, why don't we always us the first patch?  I could see
> how it could possibly break Start-TLS, but was there any other reason?
> While I don't yet have enough background to propose a solution in
> Samba3, the way I solved this in Samba4 was to ensure all name
> resolution went via our library, and to use a 'fake dns' lookup file. 
> If things do work fine with the address there, one way to make OpenLDAP
> use socket wrapper would be to (breaking all abstractions) obtain the
> address as you do, and inquire of socket_wrapper the path that would be
> used, and then connect to that path with ldapi://.  That might be just
> enough to get this tested without a major rewrite. 
> Similarly, to help me better understand this layer and your second
> patch, what are the advantages or disadvantages to storing the srv_name?
> Is the problem that we are storing DNS names in the netbios name cache,
> or just that we won't re-query DNS at the right time, or something else?
> Thanks,
> Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list