change idmap in the same way as passdb
Stefan (metze) Metzmacher
metze at samba.org
Thu Dec 18 16:43:46 MST 2014
Am 18.12.2014 um 22:56 schrieb Andrew Bartlett:
> On Thu, 2014-12-18 at 22:18 +0100, Stefan (metze) Metzmacher wrote:
>> Am 18.12.2014 um 22:07 schrieb Andrew Bartlett:
>>> On Thu, 2014-12-18 at 20:27 +0100, Stefan (metze) Metzmacher wrote:
>>>> Am 18.12.2014 um 10:38 schrieb Andrew Bartlett:
>>>>> On Thu, 2014-12-18 at 21:23 +1300, Andrew Bartlett wrote:
>>>>>> On Thu, 2014-12-18 at 09:13 +0100, Stefan (metze) Metzmacher wrote:
>>>>>>> Am 18.12.2014 um 08:52 schrieb Andrew Bartlett:
>>>>>>>> Metze,
>>>>>>>>
>>>>>>>> Now we have successfully changed the pdb library, I propose we do the
>>>>>>>> same with idmap. On a solaris-like system a while back, I found our
>>>>>>>> internal and private idmap clashing with the system idmap (for NFSv4).
>>>>>>>> The same grouping library trick should be enough to avoid this issue as
>>>>>>>> well. I'll try and prepare a patch tomorrow if I'm not totally swamped
>>>>>>>> in the rush before Christmas.
>>>>>>>
>>>>>>> Ok, do we already have a bug report for this?
>>>>>>>
>>>>>>> metze
>>>>>>
>>>>>> This looks like it:
>>>>>>
>>>>>> https://bugzilla.samba.org/show_bug.cgi?id=10112
>>>>>
>>>>> Metze,
>>>>>
>>>>> You suggested on private IRC that we find a generic solution in the
>>>>> PRIVATE_NAME wafsamba function. I attach my attempt at that.
>>>>>
>>>>> Sadly at least on my test here, it didn't help. Let me know if you
>>>>> figure it out, otherwise we may have to ad-hock idmap at least for now.
>>>>
>>>> This patch seems to work.
>>>
>>> It looks like it relies on a patch I don't have, as it only applies with
>>> fuzz.
>>
>> See the [PATCHES] fix soname of linux nss_*.so.2 modules thread...
>>
>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-forest
>> also has the patches.
>
> If you can get me a branch with what exactly you want reviewed as early
> as possible tomorrow your time, I'll try and find time this evening.
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-forest-ok
has everything...
> Some small notes:
> - In the new trusted domain cli_credentials code, you don't need a new
> lp_ctx, use the one on the dsdb private state pointer.
fixed.
> - The RODC already checks locally first, and falls back to a remote
> NETLOGON call if we get NOT_IMPLEMENTED as the reply, so the TODO isn't
> required
Ah, ok the winbindd_dual_auth_passdb() calls...
> - How can we test all this? We really need to start a 2nd forest in
> make test.
I'm working on this next, first I need something like 'samba-tool domain
trust add'
> BTW, if you get all this going, subdomains are not far off either - most
> of the problems are exactly the same.
Yes, similar.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141219/fe2ce8ec/attachment.pgp>
More information about the samba-technical
mailing list