s3-winbindd and binding handles
abartlet at samba.org
Wed May 14 00:56:17 MDT 2014
On Thu, 2014-05-08 at 17:11 +1200, Andrew Bartlett wrote:
> On Thu, 2014-05-08 at 11:37 +1200, Andrew Bartlett wrote:
> > On Thu, 2014-05-08 at 08:55 +1200, Andrew Bartlett wrote:
> > > On Wed, 2014-05-07 at 11:17 +0200, Stefan (metze) Metzmacher wrote:
> > > > Hi Volker,
> > > >
> > > > >> My current work in progress is here:
> > > > >> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/ad-dc-winbindd-WIP
> > > > >>
> > > > >> My next goal is to have winbindd answer the SamLogon protocol the
> > > > >> source4 auth system uses, and to extend that to include everything we
> > > > >> need, particularly for the RODC.
> > > > >
> > > > > To me this looks as if the parent winbind loops inside a
> > > > > nested event context processing the irpc request. This would
> > > > > block all other async requests that might be handled
> > > > > concurrently. Am I getting this right?
> > > >
> > > > That depends on the content of winbindd/winbindd_update_rodc_dns.c,
> > > > but that is missing in the commit...
> > > >
> > > > In general the IRPC handler can be implemented asnyc,
> > > > it has to set m->defer_reply = true;
> > > >
> > > > See the wb_irpc_DsrUpdateReadOnlyServerDnsRecords() function in
> > > > source4/winbind/wb_irpc.c.
> > >
> > > Correct, and that is what it does because of course it is a copy from
> > > there. Then it passes it to the winbindd_dual child to actually
> > > implement. Currently this is manual, but I'm going to make it forward
> > > using a more generic mechanism as I think that could be a very powerful
> > > pattern.
> > I've updated the branch with the code.
> I've pushed some more fixes to that branch, and my first untested and
> almost certainly broken prototype of RPC forwarding between IRPC and
> internal winbind RPC. I'm sure there is much broken, but finding that
> will be a task for tomorrow :-)
> What I need now is a way to, without breaking the rest of winbindd, on
> an RODC get a binding handle to a full DC, and a way on a DC to get a
> binding handle on the PDC. We need this when we forward a logon if the
> password isn't in the local DB, or if the password is wrong.
Can I please get a hand with this (getting these other binding handles)?
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: This is a digitally signed message part
More information about the samba-technical