Can smbd serve files without contacting a DC
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue May 5 12:38:07 MDT 2015
On Tue, May 05, 2015 at 09:13:38PM +0300, Uri Simchoni wrote:
> On Tue, May 5, 2015 at 5:27 PM, Volker Lendecke <Volker.Lendecke at sernet.de>
> wrote:
>
> > On Tue, May 05, 2015 at 06:43:50AM -0700, Richard Sharpe wrote:
> > > > 2. there's another getpwnam in check_account() which is used to get the uid
> > > > and primary gid, and also for some username conversions (not sure I
> > > > understand all this). But the uid/gid can be obtained directly from the
> > > > sids, which would save the domain lookup in case of rid id-mapping.
> > > > Alternatively maybe it's possible to cache username->info3 in addition to
> > > > sid->info3 and have winbindd (which ultimately handles the getpwnam) use
> > > > that.
> >
> > We have the netsamlogon_cache, which stores sid->info3. We
> > have code to also store name->sid in the winbindd_cache. If
> > that does not work, we need to investigate this.
>
>
> AFAICT the netsamlogon_cache is for sid->info3, and name->sid is cached
> only upon explicit sid->name or name->sid request.

True. But for example in winbindd_pam.c you find:

    if ( domain->primary ) {
        cache_name2sid(domain, name_domain, name_user,
                       SID_NAME_USER, &user_sid);
    }

after a netsamlogon_cache_store which supposedly does the name->sid
cache. Probably something similar is missing in the krb/pac
case. Whether all this works is an open question, but at
least we have all info available.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de