[PATCH] change 'winbind rpc only' to default to true

Jeremy Allison jra at samba.org
Thu Jun 16 21:50:24 UTC 2016 

On Thu, Jun 16, 2016 at 11:34:02AM +0200, Michael Adam wrote:
> review / comments appreciated
> 
> Michael

> From f75209bd8c87523db70fa99bef840d44cc980d16 Mon Sep 17 00:00:00 2001
> From: Michael Adam <obnox at samba.org>
> Date: Thu, 16 Jun 2016 09:54:06 +0200
> Subject: [PATCH] winbind: change "winbind rpc only" to default to "yes"
> 
> When using domain security and not ads security against
> an AD domain, one ususally WANTS rpc...

Hang on, isn't the below going to make winbindd using
"security = ads" use RPC by default ?

Here's the select code in source3/winbindd/winbindd_cache.c:et_cache()

        if (!domain->backend) {
#ifdef HAVE_ADS
                struct winbindd_domain *our_domain = domain;

                /* find our domain first so we can figure out if we 
                   are joined to a kerberized domain */

                if ( !domain->primary )
                        our_domain = find_our_domain();

                if ((our_domain->active_directory || IS_DC)
                    && domain->active_directory
                    && !lp_winbind_rpc_only()) {
                        DEBUG(5,("get_cache: Setting ADS methods for domain %s\n", domain->name));
                        domain->backend = &reconnect_ads_methods;
                } else {
#endif  /* HAVE_ADS */
                        DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n", domain->name));
                        domain->backend = &reconnect_methods;
#ifdef HAVE_ADS
                }
#endif  /* HAVE_ADS */
        }

The above only selects reconnect_ads_methods if:

our_domain->active_directory AND domain->active_directory AND !lp_winbind_rpc_only

so setting the default to "yes" will force reconnect_methods.

Am I missing something here ?

> diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
> index 73d4204..bb9279b 100644
> --- a/lib/param/loadparm.c
> +++ b/lib/param/loadparm.c
> @@ -2898,6 +2898,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
>  
>  	lpcfg_do_global_parameter(lp_ctx, "aio max threads", "100");
>  
> +	lpcfg_do_global_parameter(lp_ctx, "winbind rpc only", "yes");
> +
>  	/* Allow modules to adjust defaults */
>  	for (defaults_hook = defaults_hooks; defaults_hook;
>  		 defaults_hook = defaults_hook->next) {
> diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
> index c17c099..c56410a 100644
> --- a/source3/param/loadparm.c
> +++ b/source3/param/loadparm.c
> @@ -813,6 +813,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
>  	Globals.winbind_refresh_tickets = false;
>  	Globals.winbind_offline_logon = false;
>  
> +	Globals.winbind_rpc_only = true;
> +
>  	Globals.idmap_cache_time = 86400 * 7; /* a week by default */
>  	Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
>  
> -- 
> 2.5.5
>

More information about the samba-technical mailing list