[PATCH] change 'winbind rpc only' to default to true

Michael Adam obnox at samba.org
Sat Jun 18 23:33:13 UTC 2016


On 2016-06-17 at 09:31 -0700, Jeremy Allison wrote:
> On Fri, Jun 17, 2016 at 01:18:06PM +0200, Michael Adam wrote:
> > 
> > Right. It is all pretty inconsistent and 'server role' is
> > certainly conceptually a good thing. But as Jeremy pointed
> > out, the challenge here is not breaking the whole user base.
> > So this first step (making ads and domain synonyms, and possibly
> > deprecating ads value over time, etc), sounds like a very feasible
> > and reasonable approach.
> 
> Ok, so it sounds like we have a plan. I'm not planning to
> push any of the existing patches right now.

Correct, please don't!

> Michael, can you propose a new patchset that moves us
> towards this in stages ?

I have had a lengthy discussion with Günther and Andreas
about the whole situation. It is currently *not* as if
'security = domain' behaves the same as 'security = ads'
against an AD domain (if 'winbind rpc only = no'),
because it is not only the winbind methods that matter.
There are quite a number of code places where the
actual lp_security() is checked against SEC_ADS.

So this requires some more thought and possibly some
more cleanup before we can call sec=ads and sec=domain
synonyms. Will follow up with more patches soon(is)... :-)

Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160619/b42cbdb8/signature.sig>


More information about the samba-technical mailing list