[PATCH] Correctly handle !authoritative in the rpc-based auth backends
Volker Lendecke
vl at samba.org
Mon Mar 13 08:53:42 UTC 2017
On Mon, Mar 13, 2017 at 01:54:51PM +1300, Andrew Bartlett wrote:
> Is this just for ntlm_auth? Above you seem to suggest you want smbd to
> use winbindd as well.
>
> It isn't in your patch set, but I think you are saying that we should
> call:
> smbd -> winbindd -> netlogond4 for every authentication
Yes.
> That may be OK for SMB, but for LDAP where we we can get hammered with
> simple bind requests, and are currently stuck in a single process, it
> would be:
>
> ldapsrv (single process) -> winbind (multi-process in parts) ->
> netlogond4 (multi-process)
>
> As ldapsrv is currently blocking on authentication and is a single
> process, this would seem to be undesirable.
How do you plan to handle NTLM to trusted domains in this setup?
Volker
More information about the samba-technical
mailing list