[PATCH] change 'winbind rpc only' to default to true

Jeremy Allison jra at samba.org
Fri Jun 17 00:14:32 UTC 2016

On Fri, Jun 17, 2016 at 12:45:24AM +0200, Michael Adam wrote:
> So in order to systematize things, we could
> - EITHER remove security = ads (maybe leaving it as a synonym
>   for security = domain), and leaving 'winbind rpc only'
>   at its current default of 'no'.
>   ==> This might be the cleanest solution.
>   `
> - OR change the default of winbind rpc only to
>   'yes' for security = domain but leave it at
>   'no' for security = ads.
>    ==> This would impement what I originally
>        intended with the proposed patch).
> I hope I made myself more clear now.

Yep. I thought the patch didn't do what
you thought it would do :-).

> Does any of the two options above make any sense to you?

Yes, but we can't remove 'security = ads'
due to widespread use in the wild.

The question is - do we leave things
as they are - which is security = ads and security = domain
both try LDAP calls, and will both fall-back
to RPC if there is any problem, or do we
make a change to force RPC (no LDAP)
if the setting is "security = domain" ?

I'd like Alexander and Guenther to comment
here is possible, or anyone else on the
Team (Uri, Volker ?) with experience in
customer environments with this.



More information about the samba-technical mailing list