s3-winbindd and binding handles

Andrew Bartlett abartlet at samba.org
Wed May 14 00:56:17 MDT 2014 

On Thu, 2014-05-08 at 17:11 +1200, Andrew Bartlett wrote:
> On Thu, 2014-05-08 at 11:37 +1200, Andrew Bartlett wrote:
> > On Thu, 2014-05-08 at 08:55 +1200, Andrew Bartlett wrote:
> > > On Wed, 2014-05-07 at 11:17 +0200, Stefan (metze) Metzmacher wrote:
> > > > Hi Volker,
> > > > 
> > > > >> My current work in progress is here:
> > > > >> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/ad-dc-winbindd-WIP
> > > > >>
> > > > >> My next goal is to have winbindd answer the SamLogon protocol the
> > > > >> source4 auth system uses, and to extend that to include everything we
> > > > >> need, particularly for the RODC.  
> > > > > 
> > > > > To me this looks as if the parent winbind loops inside a
> > > > > nested event context processing the irpc request. This would
> > > > > block all other async requests that might be handled
> > > > > concurrently. Am I getting this right?
> > > > 
> > > > That depends on the content of winbindd/winbindd_update_rodc_dns.c,
> > > > but that is missing in the commit...
> > > > 
> > > > In general the IRPC handler can be implemented asnyc,
> > > > it has to set m->defer_reply = true;
> > > > 
> > > > See the wb_irpc_DsrUpdateReadOnlyServerDnsRecords() function in
> > > > source4/winbind/wb_irpc.c.
> > > 
> > > Correct, and that is what it does because of course it is a copy from
> > > there.  Then it passes it to the winbindd_dual child to actually
> > > implement.  Currently this is manual, but I'm going to make it forward
> > > using a more generic mechanism as I think that could be a very powerful
> > > pattern. 
> > 
> > I've updated the branch with the code. 
> 
> I've pushed some more fixes to that branch, and my first untested and
> almost certainly broken prototype of RPC forwarding between IRPC and
> internal winbind RPC.  I'm sure there is much broken, but finding that
> will be a task for tomorrow :-)
> 
> What I need now is a way to, without breaking the rest of winbindd, on
> an RODC get a binding handle to a full DC, and a way on a DC to get a
> binding handle on the PDC.  We need this when we forward a logon if the
> password isn't in the local DB, or if the password is wrong. 

Can I please get a hand with this (getting these other binding handles)?

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140514/1726532f/attachment.pgp>

More information about the samba-technical mailing list