source4 Winbind credential chaining issue

Stefan (metze) Metzmacher metze at samba.org
Mon Dec 23 01:50:57 MST 2013


Am 23.12.2013 05:26, schrieb Garming Sam:
> So, I've spent the last couple of days testing using Wintest.
> 
> I recently noticed that with an RODC (connected to a Win2008R2 domain),
> samba_dnsupdate would fail. But not consistently and it would switch
> between passing or failing, sometimes having strings of successes or
> failures, or simply alternating.
> 
> The source of the issue isn't yet entirely clear, but it appears to be
> an issue with Winbind and potentially involves the netlogon credentials
> chain. If this does indeed turn out to be the case, do we cater for
> source4 Winbind and fix it there, or do we simply ditch it in favour of
> source3 and work out how to integrate it?

Given that the RODC feature seems to be incomplete anyway in the current
releases, I'd try to switch to the source3 winbind if possible.

> I ended up testing against 4.1, master and metze's master4-schannel-ok
> branch. The behaviour was persistent on each.

My code doesn't touch the source4 winbind.

I included our patch into my master-schannel-ok branch
and will push it together with the first uncritical patches to master soon.

metze


More information about the samba-technical mailing list