Subdomain support in the AD DC!

Andrew Bartlett abartlet at
Tue Sep 10 00:27:53 CEST 2013

On Tue, 2013-09-10 at 08:15 +1200, Andrew Bartlett wrote:
> On Mon, 2013-09-09 at 08:15 +0200, Volker Lendecke wrote:
> > On Mon, Sep 09, 2013 at 08:27:05AM +1200, Andrew Bartlett wrote:
> > > > Obvious question: Which winbind? :-)
> > > 
> > > I wrote in detail here:
> > > 
> > >
> > > 
> > > And I raised that again when we discussed async gensec issues:
> > > 
> > >
> > > 
> > > Do you have anything more to add?
> > 
> > My question was more about which winbind you *want* to
> > enhance in your new efforts now. As you can expect, I would
> > like to see the source3 winbind to be the basis for future
> > work, and I would like to offer my assistance there.
> I'm sorry, I thought that was clear in the first link, but on re-reading
> it isn't.  The source3 winbind is the basis for the winbind I want to
> see 'going forward'. 
> It needs to gain a number of features (and possibly some of the code
> implementing those features) from the source4 winbind, mostly around the
> calls implemented using IRPC.  

If you want to help out, a specific, defined and useful task you could take on is:

Provide an IRPC listener for the SamLogon call, glued in to the existing
SamLogon handlers.  You can use ntlm_auth4
--helper-protocol=squid-2.5-ntlmssp to test it (it speaks the IRPC
protocol when handling NTLMSSP).  You may or may not wish to merge the
messaging code first, but that shouldn't be needed to get it going. 

Getting this much working would make a massive difference to being able
to swap in the source3 winbind, and lay the ground-work for the other
calls we need. 


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Catalyst IT         

More information about the samba-technical mailing list