[PATCH] bug 11259 - get smbd to use winbindd to prime the netsamlogon and name2sid caches.

Jeremy Allison jra at samba.org
Wed Sep 28 18:59:35 UTC 2016


On Wed, Sep 28, 2016 at 11:50:06AM -0700, Christof Schmitt wrote:
> On Wed, Sep 28, 2016 at 11:28:47AM -0700, Jeremy Allison wrote:
> > On Wed, Sep 28, 2016 at 09:01:15PM +0300, Uri Simchoni wrote:
> > 
> > > That would be great.
> > > 
> > > I haven't researched this fully and right now I have other duties to
> > > attend to, but I see signs of fishiness with the sequence number refresh
> > > from the parent process (I made two session setups 7 minutes apart, got
> > > a new ldap connection opened for each one instead of reusing the
> > > connection, with all the discovery enchilada). This could be some
> > > consequence of my setup, or it could be a bug, which went undetected
> > > because the sequence number from parent code path is not used often.
> > > 
> > > I'll be happier knowing that we don't introduce another blocking network
> > > request in the parent.
> > 
> > Feel free to add this to the patchset once it's gone
> > in if you want it.
> 
> This is not related to the core issue here, but just to understand what
> is going on: Can someone point me to a reference what this sequence
> number is and how it is used in winbindd?

Well according to Volker it's broken :-). But here is
how it's supposed to work.

Every time an object is changed in a DC a sequence number
is updated so that other DCs in the domain can tell something has
been changed and replication needs to be done. We use
this as a hint that our cache is still valid (if it
hasn't changed we don't need to refetch data from
the DC).

Look at the function ads_USN() for how this is done
over LDAP. There are other .sequence methods for
different backend types (see rpc_sequence_number()
for samr etc. etc.).
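
The cache-validity hint described in this message, modelled as an added example that is not part of the original post and is not Samba's code. Every struct and function name, the 300-second refresh interval and the timeline values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Illustrative model only: every name and value here is an assumption. */
#define SEQ_REFRESH_SECS 300 /* assumed gap between sequence number checks */
struct domain_state { uint64_t seq; long last_check; unsigned dc_queries; };
struct cache_entry { uint64_t seq_at_fetch; bool present; };

/* Ask the "DC" (a constructed counter) only when the last answer is old. */
static void refresh_seq(struct domain_state *d, const uint64_t *dc, long now)
{
    if (d->dc_queries != 0 && now - d->last_check < SEQ_REFRESH_SECS)
        return;       /* trust the previous value, no network I/O */
    d->seq = *dc;     /* a real daemon would block on the network here */
    d->last_check = now;
    d->dc_queries++;
}

/* Cached data is reused only if the DC reports no change since the fetch. */
static bool entry_valid(struct domain_state *d, const struct cache_entry *e,
                        const uint64_t *dc, long now)
{
    refresh_seq(d, dc, now);
    return e->present && e->seq_at_fetch == d->seq;
}

/* Constructed timeline in seconds; returns one validity bit per lookup. */
int run_scenario(unsigned *queries)
{
    uint64_t dc = 1000;
    struct domain_state d = {0};
    refresh_seq(&d, &dc, 0);
    struct cache_entry e = { d.seq, true };     /* fetch and cache at t=0 */
    dc = 1001;                                  /* object changes on the DC */
    int bits = entry_valid(&d, &e, &dc, 60);    /* inside interval: stale hit */
    bits |= entry_valid(&d, &e, &dc, 420) << 1; /* re-checked: now invalid */
    e.seq_at_fetch = d.seq;                     /* refetch from the DC */
    bits |= entry_valid(&d, &e, &dc, 430) << 2; /* valid again */
    *queries = d.dc_queries;
    return bits;
}

int main(void)
{
    unsigned q = 0;
    int bits = run_scenario(&q);
    printf("validity bits=%d, DC round trips=%u\n", bits, q);
    return 0;
}
```

The lookup at 60 seconds shows why the number is only a hint: until the next refresh, the cache keeps serving an entry that the DC has already changed.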


