master4-forest-ok branch
Stefan (metze) Metzmacher
metze at samba.org
Fri Dec 19 03:06:45 MST 2014
Am 19.12.2014 um 10:43 schrieb Andrew Bartlett:
> On Fri, 2014-12-19 at 00:43 +0100, Stefan (metze) Metzmacher wrote:
>
>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-forest-ok
>> has everything...
>>
>>> Some small notes:
>>> - In the new trusted domain cli_credentials code, you don't need a new
>>> lp_ctx, use the one on the dsdb private state pointer.
>>
>> fixed.
>>
>>> - The RODC already checks locally first, and falls back to a remote
>>> NETLOGON call if we get NOT_IMPLEMENTED as the reply, so the TODO isn't
>>> required
>>
>> Ah, ok the winbindd_dual_auth_passdb() calls...
>
> Yes (you still have the TODO :-)
>
>>> - How can we test all this? We really need to start a 2nd forest in
>>> make test.
>>
>> I'm working on this next, first I need something like 'samba-tool domain
>> trust add'
>>
>>> BTW, if you get all this going, subdomains are not far off either - most
>>> of the problems are exactly the same.
>>
>> Yes, similar.
>
> So, as long as you have tested these in some way,
Yes, I'm testing with Windows and FreeIPA.
> I'm happy for you to mark the commits currently in master4-forest-ok
> Reviewed-by: Andrew Bartlett <abartlet at samba.org>.
Thanks!
> I'm looking forward to the automated tests.
Yes, that's one of my next tasks...
> A little of what I have in my random subdomain-wip branches will
> help (that starts the subdomain environment), so we really should sort
> those out again in the new year. The handling of the DNS partitions
> ACLs was one of the few serious blockers - remember it actually worked
> at Microsoft!
I'll have a look if I can take some of your work.
> Naturally, please finish you discussion with Ralf and others on the
> waf/build changes.
Yes.
> Finally, I'm assuming the use of the domain$ account with Kerberos is
> due to one-way trusts? Does it really work like that? Otherwise, I
> would have expected us to use our own machine account, and obtained a
> cross-realm ticket with that.
Yes, that works fine.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141219/3217aba0/attachment.pgp>
More information about the samba-technical
mailing list