[UPDATED PATCHES] Re: [PATCH] addon patches for domain join failure (Re: [SCM] Samba Shared Repository - branch master updated)
Jeremy Allison
jra at samba.org
Tue Jun 21 17:41:42 UTC 2016
On Tue, Jun 21, 2016 at 05:21:20PM +0200, Michael Adam wrote:
> After longer discussions with Günther and Andreas,
> here are our final addon-patches for bug #11977.
>
> This is the resulting behavior, when joining an
> AD domain:
>
> - If security = domain and winbind rpc only = no,
> we keep the new behavior of failing the join
> if realm is not set properly. (This is the right
> thing to do because samba will use AD methods
> and hence require the realm setting.)
>
> - If security = domain and winbind rpc only = yes,
> then we igore the realm setting but print a
> warning message.
>
> This seems to be the correct way to handle this.
>
> It also seems there is still a discrepancy between
> the behaviors of security = domain and security =ads,
> because several places do check for SEC_ADS, and
> if we want to have security=domain synonymous to
> security=ads (against ad domains at least, as discussed
> in another thread), we'll have to audit and adapt the
> code to make that true... But this is for future patches.
>
> I will push this already reviewed patchset soon
> unless I get vetos, and proceed with the bug#11977
> accordingly.
LGTM. Seems a sensible fallback path !
More information about the samba-technical
mailing list