[PATCH] change 'winbind rpc only' to default to true

Michael Adam obnox at samba.org
Thu Jun 16 09:34:02 UTC 2016 

review / comments appreciated

Michael
-------------- next part --------------
From f75209bd8c87523db70fa99bef840d44cc980d16 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 16 Jun 2016 09:54:06 +0200
Subject: [PATCH] winbind: change "winbind rpc only" to default to "yes"

When using domain security and not ads security against
an AD domain, one ususally WANTS rpc...

Signed-off-by: Michael Adam <obnox at samba.org>
---
 docs-xml/smbdotconf/winbind/winbindrpconly.xml | 15 +++++++++++----
 lib/param/loadparm.c                           |  2 ++
 source3/param/loadparm.c                       |  2 ++
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/docs-xml/smbdotconf/winbind/winbindrpconly.xml b/docs-xml/smbdotconf/winbind/winbindrpconly.xml
index 50795ac..83f2b33 100644
--- a/docs-xml/smbdotconf/winbind/winbindrpconly.xml
+++ b/docs-xml/smbdotconf/winbind/winbindrpconly.xml
@@ -5,11 +5,18 @@
 <description>
 
 	<para>
-	Setting this parameter to <value type="example">yes</value> forces 
-	winbindd to use RPC instead of LDAP to retrieve information from Domain
-        Controllers.
+	When configured with <value type="example">domain</value> security,
+	winbindd by default (i.e. when this parameter is set to only
+	<value type="example">yes</value>) uses the standard NT4-style
+	RPC methods to communicate with domain controllers.
+	But winbindd can detect if the domain is an Active Directory domain.
+	Under some circumstances it may be desired in this case to use
+	Active Directory methods (LDAP) for DC communication despite domain
+	security being configured.
+	This behavior be triggered by setting this parameter to
+	<value type="example">no</value>.
 	</para>
 	
 </description>
-<value type="default">no</value>
+<value type="default">yes</value>
 </samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 73d4204..bb9279b 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2898,6 +2898,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
 	lpcfg_do_global_parameter(lp_ctx, "aio max threads", "100");
 
+	lpcfg_do_global_parameter(lp_ctx, "winbind rpc only", "yes");
+
 	/* Allow modules to adjust defaults */
 	for (defaults_hook = defaults_hooks; defaults_hook;
 		 defaults_hook = defaults_hook->next) {
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index c17c099..c56410a 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -813,6 +813,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 	Globals.winbind_refresh_tickets = false;
 	Globals.winbind_offline_logon = false;
 
+	Globals.winbind_rpc_only = true;
+
 	Globals.idmap_cache_time = 86400 * 7; /* a week by default */
 	Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
 
-- 
2.5.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160616/93781391/signature.sig>

More information about the samba-technical mailing list