[PATCH] change 'winbind rpc only' to default to true
Michael Adam
obnox at samba.org
Thu Jun 16 09:34:02 UTC 2016
review / comments appreciated
Michael
-------------- next part --------------
From f75209bd8c87523db70fa99bef840d44cc980d16 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 16 Jun 2016 09:54:06 +0200
Subject: [PATCH] winbind: change "winbind rpc only" to default to "yes"
When using domain security and not ads security against
an AD domain, one ususally WANTS rpc...
Signed-off-by: Michael Adam <obnox at samba.org>
---
docs-xml/smbdotconf/winbind/winbindrpconly.xml | 15 +++++++++++----
lib/param/loadparm.c | 2 ++
source3/param/loadparm.c | 2 ++
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/docs-xml/smbdotconf/winbind/winbindrpconly.xml b/docs-xml/smbdotconf/winbind/winbindrpconly.xml
index 50795ac..83f2b33 100644
--- a/docs-xml/smbdotconf/winbind/winbindrpconly.xml
+++ b/docs-xml/smbdotconf/winbind/winbindrpconly.xml
@@ -5,11 +5,18 @@
<description>
<para>
- Setting this parameter to <value type="example">yes</value> forces
- winbindd to use RPC instead of LDAP to retrieve information from Domain
- Controllers.
+ When configured with <value type="example">domain</value> security,
+ winbindd by default (i.e. when this parameter is set to only
+ <value type="example">yes</value>) uses the standard NT4-style
+ RPC methods to communicate with domain controllers.
+ But winbindd can detect if the domain is an Active Directory domain.
+ Under some circumstances it may be desired in this case to use
+ Active Directory methods (LDAP) for DC communication despite domain
+ security being configured.
+ This behavior be triggered by setting this parameter to
+ <value type="example">no</value>.
</para>
</description>
-<value type="default">no</value>
+<value type="default">yes</value>
</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 73d4204..bb9279b 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2898,6 +2898,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "aio max threads", "100");
+ lpcfg_do_global_parameter(lp_ctx, "winbind rpc only", "yes");
+
/* Allow modules to adjust defaults */
for (defaults_hook = defaults_hooks; defaults_hook;
defaults_hook = defaults_hook->next) {
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index c17c099..c56410a 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -813,6 +813,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
Globals.winbind_refresh_tickets = false;
Globals.winbind_offline_logon = false;
+ Globals.winbind_rpc_only = true;
+
Globals.idmap_cache_time = 86400 * 7; /* a week by default */
Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
--
2.5.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160616/93781391/signature.sig>
More information about the samba-technical
mailing list