Radically trim down winbind?
L.P.H. van Belle
belle at bazuin.nl
Wed Nov 16 14:28:09 UTC 2016
Incomment of Michael, ( and totaly agree with him )
And just a suggestion.
A command table for on the wiki.
Before samba 4 as of samba 4.x
Old command new command
Containing the most ask and most common commands.
The problem is not "not willing" people.
Its new people over and over again with same questions.
The wiki has improved a lot, but it must be improved for search engines.
If you google a simple thing link:
The first 2 hits in google point to old documentation.
This is one of the biggest underlaying problems imo.
Lots of people search, but get the wrong info.
I have a A+ in google foo, so i find my things,
but this can be hard for others.
The wiki really needs better SEO, results arent good in searching.
The old doc sites need this also but if sitemap.xml is used.
( exmple here : https://www.xml-sitemaps.com/ )
Set the Last modification date to old date, so it drops on the search results.
And if you change 1 character on the site and you set a new last mod.
( google needs to see a change.. )
You can easy boost the search results.
> -----Oorspronkelijk bericht-----
> Van: samba-technical [mailto:samba-technical-bounces at lists.samba.org]
> Namens Michael Adam
> Verzonden: woensdag 16 november 2016 12:41
> Aan: Volker Lendecke
> CC: samba-technical at lists.samba.org
> Onderwerp: Re: Radically trim down winbind?
> On 2016-11-03 at 21:45 +0100, Volker Lendecke wrote:
> > Hi!
> > While looking at problems with our winbindd_domain_list and trust
> > enumeration I just had an idea: Just discard everything that can't
> > reliably work. The two main things are:
> > 1. Enumerating users and groups: I can see one scenario where this could
> > possibly work, and that is on a DC for the local domain. Everything
> > else is just prone to fail, because we don't have the privileges to
> > enumerate things or we can't reach DC's or a thousand other reasons
> > like timeouts in huge domains.
> > 2. Querying group memberships without a pac/info3 struct. Again, the
> > scenario might be on a dc for the local users. For everything else
> > we *must* rely on the DC to give us the group membership info after a
> > successful login. I can't count the number of times I have explained
> > to users (and Samba Team people, just this week.... :-) that all bets
> > are off regarding wbinfo -r without wbinfo -a or an smb login. The
> > problem here is -- it works sometimes with incomplete information and
> > it's very hard to figure out the exact circumstances when it works
> > and when it does not.
> > So an idea would be to really delete the code that enumerates anything
> > passdb users, and anything that tries to query group membership info
> without a
> > netsamlogon_cache.tdb entry. For passdb we can look at the local
> > Thoughts? Too extreme?
> Sorry for chiming in so late...
> I think these are the right steps, you have my
> full support -- we have often talked about these
> problems before, so thanks for taking it up!
> If we'd do it in steps, my order of prio would be
> to first get rid of the enum stuff and then the
> group membership.
> And commenting on Stefan Kania's (and others') concerns:
> The fact that many users use the wrong commands
> for testing the domain connection despite us telling
> them not to do it over and over again, is not a reason
> to keep the commands, imho! I just means that all the
> education has not worked out in all those years and now
> poeple have to learn the hard way... And as Volker and
> others said: there will even be alternatives for getting
> lists if you really need them. The may not be the exact
> same call but they will be there (or already are).
> Cheers - Michael
More information about the samba-technical