RFC Reroute samlogon for trusted child domain user if samlogon fails

Noel Power nopower at suse.com
Mon Nov 9 16:48:43 UTC 2015

On 03/11/15 13:33, Noel Power wrote:
>>  We still need to keep the handling of
> I didn't notice this, <sigh> this makes things difficult and I need some
> advice on how to proceed. The problem now is that  krb5 auth happens in
> the winbindd(trusted domain) child and the samlogon happens in the other
> winbindd(primary) child, the samlogon needs access to the krb5 error
> status from the winbind(trusted domain) child, getting that error to the
> parent is easy enough (assuming my reuse of the reject_reason response
> member is ok) However trying to transfer that error status from the
> parent to the primary domain winbind child doesn't seem easily achieved
> ( I thought of using the extra data field in the request and introducing
> some new flag to indicate to use that ) However... that seems ugly and I
> don't want to waste time on an unacceptable solution, any ideas?
Any suggestion or idea ? anyone


More information about the samba-technical mailing list