Plans for pdb_ads and auth_netlogond?

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Jun 19 09:17:48 MDT 2012

On Tue, Jun 19, 2012 at 11:08:20PM +1000, Andrew Bartlett wrote:
>   - auth_netlogond cannot handle kerberos (because it was written before those 
>     extensions), and cannot query the correct lsa database for matching privileges. 

Why could it not be extended to do this? We have had
Kerberos support in smbd for ages, as you very well know.
And querying an LSA database over RPC is no magic either.

Regarding the missing transactions over LDAP: We have talked
about how to fix that problem a couple of years ago. Design
LDAP exops that do the whole set of operations that need to
be protected by transactions.

> - At best, they duplicate the supported, working and tested solution. 
> - We should not release, even as a developer feature, code which is duplicate, 
>   untested and which we do not wish to support. 

Sorry, but with that argument we need to remove the S4
fileserver immediately. It is duplicate and it is nothing
anybody wants to support.

With best regards,

Volker Lendecke

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen, mailto:kontakt at

More information about the samba-technical mailing list