[PATCH] DNS and Subdomain patches

Andrew Bartlett abartlet at samba.org
Wed Sep 3 17:15:21 MDT 2014

On Wed, 2014-09-03 at 18:36 +0200, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> >> Except for SAMR (which we should avoid as much as we can) we should only
> >> ever contact
> >> directly trusted domains and allow the remote dc forward netlogon and
> >> lsa requests.
> >>
> >> In addition to NETLOGON and LSA we could have a drsuapi connection
> >> (using krb5)
> >> for our own domain and other direct trusts.
> >> Windows seems to forward LSA Lookup calls as DsCrackNames calls
> >> (maybe only to GC servers).
> > 
> > So, with lots of work to do and a larger refactor of winbindd proposed
> > above, how do you suggest we proceed?  Are you able to work on some of
> > this?
> Only small fixes here and there, sorry.

Then can we proceed broadly as I propose, and move towards this as time
and resources are available?  Otherwise, I'm a bit stuck - this effort
so far has worked because the changes have shown to be largely
incremental, rather than revolutionary. 


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140904/cb464bdb/attachment.pgp>

More information about the samba-technical mailing list