[PATCH] Change winbindd to use the auth subsystem (use winbindd in AD DC)

Andrew Bartlett abartlet at samba.org
Thu Mar 27 02:11:45 MDT 2014

On Thu, 2014-03-27 at 08:07 +0100, Volker Lendecke wrote:
> On Thu, Mar 27, 2014 at 05:34:01PM +1300, Andrew Bartlett wrote:
> > Attached is a patch series to change how winbindd talks to the auth
> > subsystem, and to clean up the memory to use talloc properly. 
> > 
> > The purpose of this is to allow auth_samba4 to provide the services that
> > auth_sam is currently providing.  In turn that will eventually allow
> > winbindd to be used on the AD DC.
> Can you describe to me again what auth_samba4 provides that
> can not be provided by winbind going over a local NETLOGON
> pipe? This IMHO would be a much cleaner separation of code.

This keeps the current behaviour, which is to handle this in-process. 

All that is changed is going via a plugable method to access the auth
module, allowing us to keep the identical behaviour (auth_sam in
process) for existing winbindd users.

That behaviour was added in:

commit 577bceb19bed18db053456b2b686ba04df1d7456
Author: Volker Lendecke <vl at samba.org>
Date:   Sun Apr 11 15:27:49 2010 +0200

    s3-winbind: Authenticate SAM users

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list