[PATCH] change 'winbind rpc only' to default to true
Jeremy Allison
jra at samba.org
Fri Jun 17 00:14:32 UTC 2016
On Fri, Jun 17, 2016 at 12:45:24AM +0200, Michael Adam wrote:
>
> So in order to systematize things, we could
>
> - EITHER remove security = ads (maybe leaving it as a synonym
> for security = domain), and leaving 'winbind rpc only'
> at its current default of 'no'.
> ==> This might be the cleanest solution.
> `
> - OR change the default of winbind rpc only to
> 'yes' for security = domain but leave it at
> 'no' for security = ads.
> ==> This would impement what I originally
> intended with the proposed patch).
>
> I hope I made myself more clear now.
Yep. I thought the patch didn't do what
you thought it would do :-).
> Does any of the two options above make any sense to you?
Yes, but we can't remove 'security = ads'
due to widespread use in the wild.
The question is - do we leave things
as they are - which is security = ads and security = domain
both try LDAP calls, and will both fall-back
to RPC if there is any problem, or do we
make a change to force RPC (no LDAP)
if the setting is "security = domain" ?
I'd like Alexander and Guenther to comment
here is possible, or anyone else on the
Team (Uri, Volker ?) with experience in
customer environments with this.
Cheers,
Jeremy.
More information about the samba-technical
mailing list