[PATCH] DNS and Subdomain patches
Andrew Bartlett
abartlet at samba.org
Wed Sep 3 17:15:21 MDT 2014
On Wed, 2014-09-03 at 18:36 +0200, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
>
> >> Except for SAMR (which we should avoid as much as we can) we should only
> >> ever contact
> >> directly trusted domains and allow the remote dc forward netlogon and
> >> lsa requests.
> >>
> >> In addition to NETLOGON and LSA we could have a drsuapi connection
> >> (using krb5)
> >> for our own domain and other direct trusts.
> >> Windows seems to forward LSA Lookup calls as DsCrackNames calls
> >> (maybe only to GC servers).
> >
> > So, with lots of work to do and a larger refactor of winbindd proposed
> > above, how do you suggest we proceed? Are you able to work on some of
> > this?
>
> Only small fixes here and there, sorry.
Then can we proceed broadly as I propose, and move towards this as time
and resources are available? Otherwise, I'm a bit stuck - this effort
so far has worked because the changes have shown to be largely
incremental, rather than revolutionary.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140904/cb464bdb/attachment.pgp>
More information about the samba-technical
mailing list