Subdomain support in the AD DC!
Andrew Bartlett
abartlet at samba.org
Wed Sep 11 22:37:05 CEST 2013
On Wed, 2013-09-11 at 22:27 +0200, Volker Lendecke wrote:
> On Thu, Sep 12, 2013 at 07:59:57AM +1200, Andrew Bartlett wrote:
> > We certainly could. I should have been clearer as to why I suggested
> > this particular task: Yes, NTLM authentication could be done with an
> > existing or modified interface, and the other calls in winbind.idl are
> > trivial.
> >
> > I suggested this task because all the other parts are already in place:
> > We have a simple client to test with (ntlm_auth4), and the server code
> > already exists. That way, the task itself is fairly simple - just glue
> > already working components together.
> >
> > That said, there are only 3 working calls in winbind.idl, and we could
> > certainly continue to expand the existing protocol. My only comment on
> > that is that it just puts off at least trying to use IRPC (which is
> > already based on metze's binding handle work), and a common unix domain
> > socket based messaging system, both of which would I think be useful
> > more broadly.
> >
> > IRPC is used elsewhere in the source4 code. It is quite a flexible,
> > async, IDL-based messaging system, and it would be great if more parts
> > of our code could talk to each other.
>
> That might be true. But given our limited resources we need
> to take short cuts in places I believe. Right now I don't
> see a real functional need that would make irpc in
> source3/winbind strictly necessary. It might come in the
> near future, but right now I believe using the old crap
> protocol behind a relatively clean API is just less work.
Certainly.
> Don't get me wrong, I have seriously played with unix domain
> datagram sockets for messaging scalability already and
> sooner or later it will happen. The real need will come from
> a completely different corner: ctdb scalability and
> parallelism. But right now -- not yet for me.
OK. I had seen your efforts and interest in this in the past, which is
why I thought it might be reasonable to suggest.
> This is an isolated interface that is relatively easily
> replaceable. I would like to attack the functional problems
> first.
Indeed, and SDC will be the ideal time to find and fix those, and leave
polishing for (say) the long flights and sleepless nights on the way
home :-)
> I am the first to do a lot of small cleanups here and
> there when I come across bad code (see my brlock cleanup of
> this morning for example). But my personal level of pain
> with the winbind interface has not been reached yet :-)
That is entirely reasonable. Let me know how you go!
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz