Let winbindd work against a FreeIPA server
Guenther Deschner
gd at samba.org
Mon Jan 5 09:01:36 MST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
LGTM, pushed.
Thanks!
Guenther
On 05/01/15 16:49, Stefan (metze) Metzmacher wrote:
> Hi,
>
> here're patches to improve the behavior of winbindd when
> contacting domain controllers of trusted ad domains.
>
> We should use the same code path as we use with "security = ads"
> for our primary domain, which means using DNS=>CLDAP with a
> fallback to netbios name and dc lookup.
>
> This is important when talking to FreeIPA DCs, they only provide
> DNS and CLDAP.
>
> The first patch makes sure we can parse the broken netlogon
> attribute generated by FreeIPA. Someone should try to fix the
> FreeIPA server server to use
> ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags() instead of
> ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX().
>
> Please review and push...
>
> Thanks! metze
>
- --
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner at redhat.com
Samba Team gd at samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlSqtVkACgkQSOk3aI7hFoieWACeI3lchB4kEu6LGCQjxJyu2WJK
Db8An1ZZHJVoPGnXqqiJ/ATCF7cvwQu2
=WRF8
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list