[PATCH] change 'winbind rpc only' to default to true
jra at samba.org
Fri Jun 17 00:14:32 UTC 2016
On Fri, Jun 17, 2016 at 12:45:24AM +0200, Michael Adam wrote:
> So in order to systematize things, we could
> - EITHER remove security = ads (maybe leaving it as a synonym
> for security = domain), and leaving 'winbind rpc only'
> at its current default of 'no'.
> ==> This might be the cleanest solution.
> - OR change the default of winbind rpc only to
> 'yes' for security = domain but leave it at
> 'no' for security = ads.
> ==> This would impement what I originally
> intended with the proposed patch).
> I hope I made myself more clear now.
Yep. I thought the patch didn't do what
you thought it would do :-).
> Does any of the two options above make any sense to you?
Yes, but we can't remove 'security = ads'
due to widespread use in the wild.
The question is - do we leave things
as they are - which is security = ads and security = domain
both try LDAP calls, and will both fall-back
to RPC if there is any problem, or do we
make a change to force RPC (no LDAP)
if the setting is "security = domain" ?
I'd like Alexander and Guenther to comment
here is possible, or anyone else on the
Team (Uri, Volker ?) with experience in
customer environments with this.
More information about the samba-technical