Usability of 'samba-tool domain provision'

Rowland Penny repenny241155 at
Thu Jun 2 19:44:31 UTC 2016

On 02/06/16 20:21, Andrew Bartlett wrote:
> On Thu, 2016-06-02 at 15:19 +0100, Rowland Penny wrote:
>> On 02/06/16 14:02, Andrew Bartlett wrote:
>>> On Thu, 2016-06-02 at 12:28 +0100, Rowland Penny wrote:
>>>> Ok, before I alter my patches, can you confirm, it is just the
>>>> change
>>>> of
>>>> 'realm' & 'domain' from options to args, you are against, or is
>>>> there
>>>> anything else ?
>>> The user should not be prompted about use_xattrs.  In fact, just to
>>> demonstrate that Samba development is always an art both of knowing
>>> the
>>> rules and of knowing when not to apply them, I would argue we
>>> should
>>> actually drop the --use-xattrs option, or at least hide it.
>>> 11f2
>>> b62087e09d9f221d85bd137
>> If I understand you correctly, don't ask about 'use_xattrs', remove
>> the
>> option and set 'use_xattrs' to 'auto'.
> Yes, remove it from interactive, setting to auto.
> Then add "(deprecated)" to the help text for --use-xattrs, so we can
> get rid of it in another release cycle (our standard is to give one
> release of notice for these things).

OK, will do.

>>> For the password check, I would prefer if we re-used the same
>>> complexity check as the DB will use, perhaps by adding a python
>>> binding
>>> to the C function in use.  Otherwise I fear the two will diverge,
>>> and
>>> just cause further confusion.
>>> c0ad
>>> 406d642f2de2f09a25b85b2
>> Ah, here again, this is something I have never done, which 'C'
>> function
>> are you referring to ? and is there anything in samba-tool that
>> already
>> does something similar, that I can examine for clues :-)
> Sadly no, and creating new C bindings isn't trivial either.  I realise
> this is harder, but I would still prefer it was done right.

I did some investigation into this and I think it is going take me some 
time to get my head around it, so I will remove the password patch until 
such time as I get can get it to work :-)

I will post a new set of patches as soon as possible.


> The C fuction is samdb_check_password() in source4/dsdb/common/util.c
> and the bindings for this kind of thing are via source4/dsdb/pydsdb.c
> via python/samba/
> Andrew Bartlett

More information about the samba-technical mailing list