[PATCH] change 'winbind rpc only' to default to true

Andrew Bartlett abartlet at samba.org
Fri Jun 17 11:06:12 UTC 2016

On Fri, 2016-06-17 at 09:05 +0200, Volker Lendecke wrote:
> On Thu, Jun 16, 2016 at 05:14:32PM -0700, Jeremy Allison wrote:
> > The question is - do we leave things
> > as they are - which is security = ads and security = domain
> > both try LDAP calls, and will both fall-back
> > to RPC if there is any problem, or do we
> > make a change to force RPC (no LDAP)
> > if the setting is "security = domain" ?
> IMHO the distinction does not really make sense at all. We should
> autodetect as much as possible. In short: I believe that
> winbind_ads.c
> needs to go.

I'm not sure of the mechanics (eg if winbind_ads should be used - is it
still the only way to get correct primary groups on user lists?), but I
do so very much agree with the 'autodetect as much as possible' part.  

I would love for security=ads to just be a synonym for security=domain,
and then for us to just work the rest out.  That was the purpose of my
attempt at 'server role', which we really only push for the AD DC.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list