[PATCH] s3-winbindd: Store schannel credentials in secrets.tdb

Andrew Bartlett abartlet at samba.org
Wed Sep 26 01:12:41 MDT 2012


On Tue, 2012-09-25 at 23:30 -0700, Christian Ambach wrote:
> On 09/25/2012 10:25 PM, Stefan (metze) Metzmacher wrote:

> > we also need to mutex the netlogon_creds_CredentialState->sequence etc.
> > And on the client we typically need to mutex around network/ipc operations,
> > which should not be mutexed by a tdb lock.
> 
> In which cases (e.g. against which DC versions) is that mechanism used? 
> When certain RPC calls or validation levels are not available? I am not
> very deep into the schannel / authentication pieces, so I (and maybe 
> others) could use some coaching here.

While the most common operation (SamLogonEx) does not use the sequence
stuff, and most recent DCs support that, there are other netlogon calls
that use the sequence number stuff. 

I'm sorry I don't have details to hand, but I agree with metze that we
need to do this properly. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



