Is "Disjoint Namespace" fully functional?
abartlet at samba.org
Tue Aug 26 16:38:12 MDT 2014
On Tue, 2014-08-26 at 16:24 -0300, Martinx - ジェームズ wrote:
> During my first month with Samba4 AD DC (4.1.6 from Trusty), I was using a
> feature called "Disjoint Namespaces" but, now (Samba 4.1.11), it isn't
> working anymore.
> Doc: http://technet.microsoft.com/en-us/library/cc731929(v=ws.10).aspx
> I'm not sure if I did something wrong, or if it is a regression, because as
> I said, I was using Samba 4.1.6 from Ubuntu Trusty, now I'm using Samba
> 4.1.11 (from my own Ubuntu PPA:
> https://launchpad.net/~martinx/+archive/ubuntu/ig ).... I'm not sure if it
> stopped working because of the upgrade, or because my fault (I tried to add
> more forward zones)... So, I'm asking here if it is really supported (the
> Disjoint Namespace feature) (or not), or if it worked for me at first, "by
"by luck" is the best answer I can give. In particular, the assumption
in Linux krb5 client libs is that the kerberos realm can be found from
the DNS domain, rather than the 'ask my KDC' approach windows uses.
> Or if there is
> something that I can do to fix my "Disjoint Namespaces"...
The best suggestion I can suggest is to do a git bisect between when it
worked and now, and see if something is clear. It looks like an
interesting feature, but it certainly has challenges.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical