[PATCH] change 'winbind rpc only' to default to true
Andrew Bartlett
abartlet at samba.org
Fri Jun 17 11:06:12 UTC 2016
On Fri, 2016-06-17 at 09:05 +0200, Volker Lendecke wrote:
> On Thu, Jun 16, 2016 at 05:14:32PM -0700, Jeremy Allison wrote:
> > The question is - do we leave things
> > as they are - which is security = ads and security = domain
> > both try LDAP calls, and will both fall-back
> > to RPC if there is any problem, or do we
> > make a change to force RPC (no LDAP)
> > if the setting is "security = domain" ?
>
> IMHO the distinction does not really make sense at all. We should
> autodetect as much as possible. In short: I believe that
> winbind_ads.c
> needs to go.
I'm not sure of the mechanics (eg if winbind_ads should be used - is it
still the only way to get correct primary groups on user lists?), but I
do so very much agree with the 'autodetect as much as possible' part.
I would love for security=ads to just be a synonym for security=domain,
and then for us to just work the rest out. That was the purpose of my
attempt at 'server role', which we really only push for the AD DC.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list