[UPDATED PATCHES] Re: [PATCH] addon patches for domain join failure (Re: [SCM] Samba Shared Repository - branch master updated)

Jeremy Allison jra at samba.org
Tue Jun 21 17:41:42 UTC 2016


On Tue, Jun 21, 2016 at 05:21:20PM +0200, Michael Adam wrote:
> After longer discussions with G√ľnther and Andreas,
> here are our final addon-patches for bug #11977.
> 
> This is the resulting behavior, when joining an
> AD domain:
> 
> - If security = domain and winbind rpc only = no,
>   we keep the new behavior of failing the join
>   if realm is not set properly. (This is the right
>   thing to do because samba will use AD methods
>   and hence require the realm setting.)
> 
> - If security = domain and winbind rpc only = yes,
>   then we igore the realm setting but print a
>   warning message.
> 
> This seems to be the correct way to handle this.
> 
> It also seems there is still a discrepancy between
> the behaviors of security = domain and security =ads,
> because several places do check for SEC_ADS, and
> if we want to have security=domain synonymous to
> security=ads (against ad domains at least, as discussed
> in another thread), we'll have to audit and adapt the
> code to make that true... But this is for future patches.
> 
> I will push this already reviewed patchset soon
> unless I get vetos, and proceed with the bug#11977
> accordingly.

LGTM. Seems a sensible fallback path !



More information about the samba-technical mailing list