Winbind changes in 4.6/Change for 4.6.0?

Uri Simchoni uri at samba.org
Mon Mar 6 07:23:59 UTC 2017


On 03/06/2017 08:33 AM, Stefan Metzmacher wrote:
>> I would put it back without the smb.conf option myself, but I'll take
>> anything to avoid dropping sites into unsupported.
> 
> I'd also think we should restore the whole old behavior, also returning
> the broken values for trusted domains.
> 
> I don't really care if we have no option at all, one option to enable
> the old behavior or even 2 options to enable it for the primary domain
> and other domains separately. If we add options we should add them as fully
> documented options (and mark them as deprecated similar to "lsa over
> netlogon").
> 
> But I guess restoring this without option would be the simplest way
> of doing it...
> 
> metze
> 
This change was proposed to the list before patches were submitted, and
all responses back then were positive IIRC. I can sympathize with the
desire not to break things, and can only regret I was too narrow-minded
about my own use cases when reviewing this. However, I also strongly
support isolating the old algorithm via a config option, because for the
file server use case this algorithm is deprecated. Isolation will help
guard against unnecessary lookups from creeping back in. The "fallback
into lookup" pattern sometimes hides bugs.

Just my 2c...
Uri.




More information about the samba-technical mailing list