[PATCH][WIP] AD Subdomain support for Samba 4.2?
Andrew Bartlett
abartlet at samba.org
Sun Aug 10 23:50:18 MDT 2014
OK, so now I have your attention :-)
I'm making very good progress on the subdomain code, and it can be seen
at
http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/subdomain
The patch series is still a work in progress, but I'm trying to make it
tidy enough for folks to reasonably look at. Thoughts, comments and if
you feel like it, review (but not push, I'll collect them up and push
them once I'm happy with the series), most welcome.
The TODO Items that I see are:
- sort out what rules windows uses to decide permission to call
DsReplicaUpdateRefs as our current code doesn't work well cross-domain.
I think we probably just need to rely on the PAC and membership of the
right groups.
- connect the trusted domain passwords in sam.ldb with the
pdb_samba_dsdb code. This does not look hard, and should then allow
winbindd to handle the NTLM forwarding.
- Do not create in provision the groups that "only exist at the forest
root".
No doubt there will be much more work beyond that, and in reality this
might be a Samba 4.3 feature, but much can change with a little help.
I'm mostly testing in 'make test' right now, but have done some very
limited join testing Samba as a subdomain of Windows 2008R2. Testing
other combinations would be very welcome.
Please help out if you can!
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list