A combined make test
abartlet at samba.org
Sun Apr 17 15:47:31 MDT 2011
On Mon, 2011-04-18 at 07:34 +1000, Andrew Bartlett wrote:
> On Sat, 2011-04-16 at 15:58 +0200, Volker Lendecke wrote:
> > On Sat, Apr 16, 2011 at 08:08:13PM +1000, Andrew Bartlett wrote:
> > > The main issue I foresee is ensuring that Samba3 does not make any DNS
> > > lookups, and to constrain the LDAP and Kerberos traffic. Kerberos
> > Attached find two patches which I use when testing net ads
> > join and winbind on a system with broken DNS. Maybe that
> > gets you a little step further towards that goal.
In case I didn't make it clear, I really appreciate the help. These
kind of clues are really helpful and make a big difference when trying
to translate the real world into a synthetic test environment like 'make
> Out of interest, why don't we always us the first patch? I could see
> how it could possibly break Start-TLS, but was there any other reason?
> While I don't yet have enough background to propose a solution in
> Samba3, the way I solved this in Samba4 was to ensure all name
> resolution went via our library, and to use a 'fake dns' lookup file.
> If things do work fine with the address there, one way to make OpenLDAP
> use socket wrapper would be to (breaking all abstractions) obtain the
> address as you do, and inquire of socket_wrapper the path that would be
> used, and then connect to that path with ldapi://. That might be just
> enough to get this tested without a major rewrite.
> Similarly, to help me better understand this layer and your second
> patch, what are the advantages or disadvantages to storing the srv_name?
> Is the problem that we are storing DNS names in the netbios name cache,
> or just that we won't re-query DNS at the right time, or something else?
> Andrew Bartlett
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical