[PATCH] change 'winbind rpc only' to default to true

Michael Adam obnox at samba.org
Thu Jun 16 22:06:58 UTC 2016


On 2016-06-16 at 14:50 -0700, Jeremy Allison wrote:
> On Thu, Jun 16, 2016 at 11:34:02AM +0200, Michael Adam wrote:
> > review / comments appreciated
> > 
> > Michael
> 
> > From f75209bd8c87523db70fa99bef840d44cc980d16 Mon Sep 17 00:00:00 2001
> > From: Michael Adam <obnox at samba.org>
> > Date: Thu, 16 Jun 2016 09:54:06 +0200
> > Subject: [PATCH] winbind: change "winbind rpc only" to default to "yes"
> > 
> > When using domain security and not ads security against
> > an AD domain, one usually WANTS rpc...
> 
> Hang on, isn't the below going to make winbindd using
> "security = ads" use RPC by default ?
> 
> Here's the select code in source3/winbindd/winbindd_cache.c:get_cache()
> 
>         if (!domain->backend) {
> #ifdef HAVE_ADS
>                 struct winbindd_domain *our_domain = domain;
> 
>                 /* find our domain first so we can figure out if we 
>                    are joined to a kerberized domain */
> 
>                 if ( !domain->primary )
>                         our_domain = find_our_domain();
> 
>                 if ((our_domain->active_directory || IS_DC)
>                     && domain->active_directory
>                     && !lp_winbind_rpc_only()) {
>                         DEBUG(5,("get_cache: Setting ADS methods for domain %s\n", domain->name));
>                         domain->backend = &reconnect_ads_methods;
>                 } else {
> #endif  /* HAVE_ADS */
>                         DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n", domain->name));
>                         domain->backend = &reconnect_methods;
> #ifdef HAVE_ADS
>                 }
> #endif  /* HAVE_ADS */
>         }
> 
> The above only selects reconnect_ads_methods if:
> 
> our_domain->active_directory AND domain->active_directory AND !lp_winbind_rpc_only
> 
> so setting the default to "yes" will force reconnect_methods.
> 
> Am I missing something here ?

The "!" before lp_winbind_rpc_only() ?

This is exactly the point:
When 'winbind rpc only' is set to "No" (the current default),
then ADS methods are forced (when the domain is AD).

I want that to change, hence proposing to set the default to Yes.

Cheers - Michael