Winbind changes in 4.6/Change for 4.6.0?
Stefan Metzmacher
metze at samba.org
Mon Mar 6 06:33:44 UTC 2017
Am 03.03.2017 um 19:09 schrieb Andrew Bartlett:
> On Fri, 2017-03-03 at 12:12 +0100, Karolin Seeger wrote:
>> Hi,
>>
>> we just had some internal discussions about the winbind changes in
>> Samba
>> 4.6.0. The removal of the token groups fallback will break
>> exististing
>> setups (e.g. domain members where people access files without Samba
>> (nfs, ...). There is no workaround!
>>
>> What about re-adding this feature cleanly and for local domains only
>> and
>> disable it by default?
>>
>> Please find attached a patchset from Volker.
>> "winbind : ask token groups = yes" would restore the old behaviour.
>> (I would prefer a documented parameter, but that could be changed.)
>>
>> Unfortunately, it's pretty late in the release process, but since the
>> code is disabled by default, it should not be a big deal...
>>
>> The planned release date for the final release still is Tuesday,
>> March 7.
>> Some patches have been added sinc rc4, but it seems to be ok to go
>> ahead
>> with rc5.
>>
>> Opinions?
>
> I really appreciated the move to push this up in the WHATSNEW earlier
> in the week, and it certainly gave me the same gut feeling of 'ouch,
> did we really break this with no workaround?'.
>
> I would put it back without the smb.conf option myself, but I'll take
> anything to avoid dropping sites into unsupported.
I'd also think we should restore the whole old behavior, also returning
the broken values for trusted domains.
I don't really care if we have no option at all, one option to enable
the old behavior or even 2 options to enable it for the primary domain
and other domains separately. If we add options we should add them as fully
documented options (and mark them as deprecated similar to "lsa over
netlogon").
But I guess restoring this without option would be the simplest way
of doing it...
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170306/e0a4e35c/signature.sig>
More information about the samba-technical
mailing list