[WIP][PATCH] Use winbindd in the AD DC

Andrew Bartlett abartlet at samba.org
Thu Mar 27 21:50:45 MDT 2014

So, I decided to just dive into making winbindd operate on the AD DC,
and simply fix things as I found them broken.

If you look at
http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/ad-dc-winbindd you can see my progress so far.  Naturally the goal of this is to enable things like proper use of the other rfc2307 attributes, and to kill off the source4 winbind implementation that we just don't have the time to maintain. 

Rather more tests than I expected already pass, and I'm sure many more
are just a few tweaks away.  I'll work on this more next week. 

Some things I know I need that we don't have include a semi-async
winbind client for NTLM authentication (like was written for idmap).

So, if you have a passion for a better AD DC, and know how to work
inside the source3 winbind code, please look at this branch, check it
out and make more of the tests pass!

We may eventually need a new winbindd backend, but for now it used the
SAMR and LSA backends via the forwarded pipes, and I do thank those who
put so much effort into making that possible.  

I don't dare to suggest this will make Samba 4.2, but it would be a
lovely dream :-)


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list