Let winbindd work against a FreeIPA server

Guenther Deschner gd at samba.org
Mon Jan 5 09:01:36 MST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

LGTM, pushed.

Thanks!
Guenther

On 05/01/15 16:49, Stefan (metze) Metzmacher wrote:
> Hi,
> 
> here're patches to improve the behavior of winbindd when
> contacting domain controllers of trusted ad domains.
> 
> We should use the same code path as we use with "security = ads" 
> for our primary domain, which means using DNS=>CLDAP with a
> fallback to netbios name and dc lookup.
> 
> This is important when talking to FreeIPA DCs, they only provide 
> DNS and CLDAP.
> 
> The first patch makes sure we can parse the broken netlogon
> attribute generated by FreeIPA. Someone should try to fix the
> FreeIPA server server to use
> ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags() instead of
> ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX().
> 
> Please review and push...
> 
> Thanks! metze
> 


- -- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlSqtVkACgkQSOk3aI7hFoieWACeI3lchB4kEu6LGCQjxJyu2WJK
Db8An1ZZHJVoPGnXqqiJ/ATCF7cvwQu2
=WRF8
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list